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Preface to the English ‘Translation 


Since the publication of the Russian edition of this book in 1990 there have 
been some significant new developments in number theory. First of all, the 
famous problem “Fermat’s Last Theorem” together with the Taniyama—Weil 
conjecture for semi-stable elliptic curves, seem to have been completely proved 
by A.Wiles. Wiles used various sophisticated techniques and ideas due to him- 
self and a number of other mathematicians (K. Ribet, G. Frey, Y. Hellegouarch, 
J.-M. Fontaine, H. Hida, B. Mazur, J.-P. Serre, R. Taylor, J. Tunnel, ...). This 
genuinely historic event concludes a whole epoch in number theory, and opens 
at the same time a new period which could be closely involved with implement- 
ing the general Langlands. programme. Indeed, the Taniyama—Weil conjecture 
may be regarded as a special case of Langlands’ conjectural correspondence 
between arithmetical algebraic varieties (motives), Galois representations and 
automorphic forms. One of the characteristic features of the new methods and 
ideas is the intensive use of p-adic L-functions and Galois representations. 
Another striking recent example of this feature is K. Rubin’s construction of 
rational points on elliptic curves using special values of p-adic L-functions 
and their derivatives. Among other important achievements of recent time 
we mention Faltings’ proof of the Fontaine conjectures on p-adic Galois rep- 
resentations; the new proof of the Mordell conjecture using Diophantine ap- 
proximation on algebraic varieties; the newly proven cases of validity of the 
Langlands correspondence; Kolyvagin’s theory of Euler systems and Iwasawa 
theory for classes of algebraic varieties and motives... 

Unfortunately, we have been unable to include (or even to mention) any of 
these (and other) new facts in the English version of our book, and we rely 
totally on the understanding of our readers. 

The translation of this book was carried out in Moscow and Gottingen, 
Sonderforschungsbereich 170. We would like to express our gratitude to SFB 
170 and to Prof.S.J. Patterson for providing a pleasant working environment, 
and to Dr. R. Hill for editing the translated manuscript. 


July 1995 Yu.l. Manin 
A.A. Panchishkin 
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Preface 


Among the various branches of mathematics, number theory is characterized 
to a lesser degree by its primary subject (“integers”) than by a psychologi- 
cal attitude. Actually, number theory also deals with rational, algebraic, and 
transcendental numbers, with some very specific analytic functions (such as 
Dirichlet series and modular forms), and with some geometric objects (such 
as lattices and schemes over Z). The question whether a given article belongs 
to number theory is answered by its author’s system of values. If arithmetic 
is not there, the paper will hardly be considered as number-theoretical, even 
if it deals exclusively with integers and congruences. On the other hand, any 
mathematical tool, say, homotopy theory or dynamical systems may become 
an important source of number-theoretical inspiration. For this reason, com- 
binatorics and the theory of recursive functions are not usually associated 
with number theory, whereas modular functions are. 

In this report we interpret number theory broadly. There are compelling 
reasons to adopt this viewpoint. 

First of all, the integers constitute (together with geometric images) one of 
the primary subjects of mathematics in general. Because of this, the history 
of elementary number theory is as long as the history of all mathematics, and 
the history of modern mathematic began when “numbers” and “figures” were 
united by the concept of coordinates (which in the opinion of I.R.Shafarevich 
also forms the basic idea of algebra). 

Moreover, integers constitute the basic universe of discrete symbols and 
therefore a universe of all logical constructions conceived as symbolic games. 
Of course, as an act of individual creativity, mathematics does not reduce 
to logic. Nevertheless, in the collective consciousness of our epoch there does 
exist an image of mathematics as a potentially complete, immense and pre- 
cise logical construction. While the unrealistic rigidity of this image is well 
understood, there is still a strong tendency to keep it alive. The last but not 
the least reason for this is the computer reality of our time, with its very 
strict demands on the logical structure of a particular kind of mathematical 
production: software. 

It was a discovery of our century, due to Hilbert and Godel above all, 
that the properties of integers are general properties of discrete systems and 
therefore properties of the world of mathematical reasoning. We understand 
now that this idea can be stated as a theorem that provability in an arbitrary 
finitistic formal system is equivalent to a statement about decidability of a 
system of Diophantine equations (cf. below). This paradoxical fact shows that 
number theory, being a small part of mathematical knowledge, potentially 
embraces all this knowledge. If Gauss’ famous motto on arithmetic needs 
justification, this theorem can be considered as such. 
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We had no intention of presenting in this report the whole of number theo- 
ry. That would be impossible anyway. Therefore, we had to consider the usual 
choice and organization problems. Following some fairly traditional classifica- 
tion principles, we could have divided the bulk of this book into the following 
parts: 


1. Elementary number theory. 

2. Arithmetic of algebraic numbers. 

3. Number-theoretical structure of the continuum (approximation theory, 
transcendental numbers, geometry of numbers Minkowski style, metric 
number theory etc.). 

4. Analytic number theory (circle method, exponential sums, Dirichlet series 
and explicit formulae, modular forms). : 

5. Algebraic-geometric methods in the theory of Diophantine equations. 

6. Miscellany (“wastebasket” ). 


We preferred, however, a different system, and decided to organize our 
subject into three large subheadings which shall be described below. Because 
of our incompetence and/or lack of space we then had to omit many important 
themes that were initially included into our plan. In particular, the whole third 
part perished. We shall nevertheless briefly explain its concepts in order to 
present in a due perspective both this book and subsequent number-theoretical 
issues of this series. 


Part 1. Problems and Tricks 


The choice of the material for this part was guided by the following principles. 
In number theory, like in no other branch of mathematics, a bright young 
person with-a minimal mathematical education can sometimes work wonders 
using inventive tricks. There are a lot of unsolved elementary problems waiting 
for fresh approaches. Of course, good taste is still necessary, and this comes 
with long training. Also, nobody can tell a priori that, say, the ancient problem 
on the pairs of “friendly numbers” is a bad one, while the Fermat conjecture is 
a beauty but it cannot be approached without seriously developed technique. 
Elementary number theory consists of many problems, posed, solved and 
developed into theorems in the classical literature, and also of many tricks 
which subsequently grew into large theories. The list of such tricks is still 
growing, as Apéry’s proof of the irrationality of ¢(3) shows. Any professional 
mathematician can gain by knowing some of these stratagems. 

In order not to restrict ourselves to very well known results we empha- 
size algorithmic problems and such modern applications of number theory as 
public key cryptography. In general, the number-theoretical methods of infor- 
mation processing, oriented towards computer science (e.g. the fast Fourier 
transform) have revitalized the classical elementary number theory. 


Part 2. Ideas and Theories 


In this part we intended to explain the next stage of the number-theoreti- 
cal conceptions, in which special methods for solving special problems are 
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systematized and axiomatized, and become the subject-matter of monographs 
and advanced courses. 

From this vantage point, the elementary number theory becomes an imagi- 
nary collection of all theorems which can be deduced from the Peano axioms, 
of which the strongest tool is the induction axiom: It appears in such a role in 
meta-mathematical investigations and has for several decades been developed 
as a part of mathematical logic, namely the theory of recursive functions. 
Finally, since the remarkable proof of Matiyasevich’s theorem, a further ac- 
complished number-theoretical fragment has detached itself from this theory 
— the theory of Diophantine sets. 

A Diophantine set is any subset of natural numbers that can be defined 
as a projection of the solution set of a system of polynomial equations with 
integral coefficients. The Matiyasevich theorem says that any set generated 
by an algorithm (technically speaking, ennumerable or listable) is actually 
Diophantine. In particular, to this class belongs the set of all numbers of 
provable statements of an arbitrary formal system, say, of axiomatized set- 
theoretical mathematics. 

The next large chapter of modern arithmetic is connected with the exten- 
sion of the domain of integers to the domain of algebraic integers. The latter 
is not finitely generated as a ring, and only its finitely generated subrings 
consisting of all integers of a finite extension of Q preserve essential similarity 
to classical arithmetic. Historically such extensions were motivated by prob- 
lems stated for Z, (e.g. the Fermat conjecture, which leads to the divisibility 
properties of cyclotomic integers). Gradually however an essentially new ob- 
ject began to dominate the picture — the fundamental symmetry group of 
number theory Gal(Q/Q). It was probably Gauss who first understood this 
clearly. His earliest work on the construction of regular polygons by ruler- 
and-compass methods already shows that this problem is governed not by 
the visible symmetry of the figure but by the well-hidden Galois symmetry. 
His subsequent concentration on the quadratic reciprocity law (for which he 
suggested seven or eight proofs!) is striking evidence that he foresaw its place 
in modern class—field theory. Unfortunately, in most modern texts devoted to 
elementary number theory one cannot find any hint of explanation as to why 
quadratic reciprocity is anything more than just a curiosity. The point is that 
primes, the traditional subject matter of arithmetic, have another avatar as 
Frobenius elements in the Galois group. Acting as such upon algebraic num- 
bers, they encode in this disguise of symmetries much more number-theoretical 
information than in their more standard appearance as elements of Z. 

The next two chapters of this part of our report are devoted to algebraic- 
geometric methods, zeta-functions of schemes over Z, and modular forms. 
These subjects are closely interconnected and furnish the most important 
technical tools for the investigation of Diophantine equations. 

For a geometer, an algebraic variety is the set of all solutions of a system of 
polynomial equations defined, say, over the complex numbers. Such a variety 
has a series of invariants. One starts with topological invariants like dimension 
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and (co)homology groups; one then takes into account the analytic invariants 
such as the cohomology of the powers of the canonical sheaf, moduli etc. The 
fundamental idea is that these invariants should define the qualitative features 
of the initial. Diophantine problem, for example the possible existence of an 
infinity of solutions, the behaviour of the quantity of solutions of bounded size 
etc. This is only a guiding principle, but its concrete realizations belong to 
the most important achievements of twentieth century number theory, namely 
A. Weil’s programme and its realization by A. Grothendieck and P. Deligne, 
as well as G. Faltings’ proof of the Mordell conjecture. 

Zeta-functions furnish an analytical technique for refining qualitative sta- 
tements to quantitative ones. The central place here belongs to the so called 
“explicit formulae”. These can be traced back to Riemann who in his famous 
memoir discovered the third avatar of primes — zeroes of Riemann’s zeta func- 
tion. Generally, arithmetical functions and zeroes of various zetas are related 
by a subtle duality. Proved or conjectured properties of the zeroes are trans- 
lated back to arithmetic by means of the explicit formulae. This duality lies 
in the heart of modern number theory. 

Modular forms have been known since the times of Euler and Jacobi. They 
have been used to obtain many beautiful and mysterious number-theoretical 
results. Simply by comparing the Fourier coefficients of a theta-series with its 
decomposition as a linear combination of Eisenstein series and cusp forms, 
one obtains a number of remarkable identities. The last decades made us 
aware that modular forms, via Mellin’s transform, also provide key informa- 
tion about the analytic properties of various zeta-functions. 

The material that deserved to be included into this central part of our re- 
port is immense and we have had to pass in silence over many important devel- 
opments. We have also omitted some classical tools like the Hardy—Littlewood 
circle method and the Vinogradov method of exponential sums. These should 
be described in subsequent books in this series. We have said only a few words 
on Diophantine approximation and transcendental numbers, in particular, the 
Gelfond—Baker and the Gelfond—Schneider methods. 

Finally, the last section devoted to the Langlands program is the only 
survivor of the planned 


Part 3. Conjectures and Analogies 


This part was conceived as an explanation of some basic intuitive ideas that 
underlie modern number-theoretical thinking. One subject could have been 
called Analogies between numbers and functions. We could have included un- 
der this heading, e.g., an introduction to Arakelov geometry, and Vojta’s con- 
jectures. | 

The Langlands program strives to understand the structure of the Galozs 
group of all algebraic numbers and relates in a series of deep conjectures the 
representation theory of this group to zeta-functions and modular forms. 


We use the standard system of cross—referencing in this book. 
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Part I 
Problems and Tricks 


Chapter 1 
Elementary Number ‘Theory 


§1. Problems About Primes. Divisibility and Primality 


1.1. Arithmetical Notation. The usual decimal notation of natural numbers 
is a special case of notation to the base m. An integer n is written to the base 
m if it is represented in the form | 


n= dp_pm*—! + dy_gm*-? +... + do 


where 0 < d; < m—1. The coefficients d; are called m-—ary digits (or simply 
digits). Actually, this name is often applied not to the numbers d; but to the 
special signs chosen to denote these numbers. If we do not want to specify 
these signs we can write the m-ary expansion as above in the form n = 
(dy.—1dp—2...d1d9)m. The number of digits in such a notation is 


k = [log,, n| + 1 = [logn/ log m] + 1 


where | | denotes the integral part. Computers use the binary system; a binary 
digit (0 or 1) is called a bzt. The high school prescription for the addition of 
a k-bit number and an /-bit number requires max(k,!) bit-operations (one 
bit-operation here is a Boolean addition and a carry). Similarly, multiplica- 
tion requires < 2kl bit-operations (Knuth D.E. (1981), Koblitz N. (1987)). 
The number of bit—operations needed to perform an arithmetical operation 
furnishes an estimate of the computer working time (if it uses an implementa- 
tion of the corresponding algorithm). For this reason, new fast multiplication 
schemes were invented, requiring only O(k log k log log k) bit—-operations for 
the multiplication of two < k-bit numbers, instead of O(k?) (Knuth D.E. 
(1981)). Notice that in order to translate the binary expansion of a number n 
into the m-ary expansion one needs O(k*) bit-operations where k = logs n. In 
fact, this takes O(k) divisions with remainder, each of which, in turn, requires 
O(kl) bit—operations where | = log, m. 

We have briefly discussed some classical examples of algorithms. These 
are explicitly and completely described procedures for symbolic manipulation 
(Garey M.R., Johnson D.S. (1979), Markov A.A. (1954)). In our examples, we 
started with the binary expansions of two integers and obtained the binary 
expansion of their sum or product, or their m-ary expansions. In general, an 
algorithm is called polynomial if the number of bit—operations it performs on 
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data of binary length L is bounded above by a polynomial in L. The algorithms 
just mentioned are all polynomial (cf. Koblitz N. (1987), Knuth D.E. (1981), 
Riesel H. (1985)). 


1.2. Primes and Composite Numbers. The following two assertions are ba- 
sic facts of number theory: a) every natural number n > 1 has a unique 
factorization n = p{'p5?...p%" where p; < po... < p, are primes, a; > 0; b) 
the set of primes is infinite. 

Any algorithm finding such a factorization also answers a simpler question: 
is a given integer prime or composite? Such primality tests are important 
in themselves. The well known Fratosthenes sieve is an ancient (3rd century 
B.C.) algorithm listing all primes < n. As a by-product, it furnishes the small- 
est prime dividing n and is therefore a primality test. As such, however, it is 
quite inefficient since it takes > n divisions, and this depends exponentially 
on the binary length of n. Euclid’s proof that the set of primes cannot be 
finite uses an ad absurdum argument: otherwise the product of all the primes 
augmented by one would have no prime factorization. A more modern proof 
was given by Euler: the product taken over all primes 


M(s-2) = (1+2+4+... (1.1) 


p Pp 


would be finite if their set were finite. However, the r.h.s. of (1.1) reduces to the 
divergent harmonic series )>~_, n~/ due to the uniqueness of factorization. 
Fibonacci suggested a faster primality test (1202) by noting that the small- 
est non-trivial divisor of n is < [./n] so that it suffices to try only such numbers 
(Wagon S. (1986), Adleman L.M., Rivest R.L., Shamir A. (1978)). 
The next breakthrough in primality testing was connected with Fermat’s 
little theorem (discovered in the seventeenth century). 


Fermat’s Little Theorem. Jf n is prime then for any integer a relatively 
prime ton 


a"-'=1mod n. (1.2) 


The condition (1.2) (with a fixed a) is necessary but generally not suffi- 
cient for n to be prime. If it fails for n, we can be sure that n is composite, 
without even knowing a single divisor of it. We call n pseudoprime w.r.t. a if 
gced(a,n) = 1 and (1.2) holds. Certain composite numbers n = 561 = 3-11-17, 
1105 = 5-13-17, 1729 = 7-13-19 are pseudoprime w.r.t. all a (relatively 
prime to n). Such numbers are called Carmichael numbers (Koblitz N. (1987), 
Lenstra H.W. Jr. (1980)). It is conceivable that their set is infinite.*) For ex- 
ample, a square-free n is a Carmichael number iff for any prime p dividing n, 
p — 1 divides n — 1. 


*)This was proved recently by Alford, Granville and Pomerance (1994). 
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A remarkable property of (1.2) is that it admits a fast testing algorithm. 
The point is that large powers a™ mod ncan be readily computed by repeated 
squaring. More precisely, consider the binary representation of n — 1: 


m=n—1 = dp_12*7! 4+ dp_ot...+do 
with d,_; = 1. Put r; =amod n and 


ee r?mod n__ if dp_-1_; =0 
= ar? mod nif dy_1-;, = 1. 


Then a”-! =r, mod n because 
a Ee (ec ( (alte ra a. 


This algorithm is polynomial since it requires only < 3{log, n] multiplica- 
tions mod n to find rx. It is an important ingredient of modern fast primal- 
ity tests using the Fermat theorem, its generalizations and (partial) converse 
statements. 

Fermat himself discovered his theorem in connection with his studies of the 
numbers F;, = 2?” + 1. He believed them to be prime although he was able 
to check this only for n < 4. Later Euler discovered the prime factorization 
F's = 4294967297 = 641 - 6700417. No new prime Fermat numbers have been 
found, and some mathematicians now conjecture that there are none. 

The history of the search for large primes is also connected with the Mer- 
senne primes M, = 2? —1 where p is again a prime. To test their primality one 
can use the following Lucas criterion: M;,(k > 2) is prime iff it divides L,_, 
where L,, are defined by recurrence: Ly = 4, Lj41 = L? —2. This requires much 
less time than testing the primality of a random number of the same order 
of magnitude by a general method. Mersenne’s numbers also arise in various 
other problems. Euclid discovered that if 2? — 1 is prime then 2?—1(2? — 1) is 
perfect i.e. is equal to the sum of its proper divisors (e.g.6 =1+2+3, 28= 
14+2+4+74+14, 496=14+2+4+4+45+416+4 31 4 624 124 + 248), and 
Euler proved that all even perfect numbers are of this type. It is not known 
whether there are any odd perfect numbers, and this is one baffling example of 
a seemingly reasonable question that has not lead to any number-theoretical 
insights, ideas or tricks worth mentioning here. 

Euler also knew the first eight prime Mersenne numbers (corresponding to 
p= 2, 3, 5, 7, 13, 19, 31). Recently computer-assisted primality tests have 
furnished many new Mersenne primes, e.g. in 1983 it was established that 
Mj,32049 iS prime. Its decimal expansion has 39571 digits.*? Records in this 
domain are described in Ribenboim P. (1988) and Zagier D. (1977). 


1.3. The Factorization Theorem and the Euclidean Algorithm. For in- 
tegers a,b we write alb if a divides b i.e., b = ad for some integer d. If p 


*)The largest known Mersenne prime (and in fact the largest explicitly known prime 
number) is Mgso433 = 2°°°49° — 1 (258716 digits; Gage and Slowinski, 1994). 
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is a prime and p® is the highest power of p dividing n we write p*||n and 
a = ordyn. The factorization theorem can be easily deduced from its corol- 
lary: if a prime p divides ab then either pla or p|b. Below we shall prove this 
property using the Euclidean algorithm. Knowing the prime factorizations of 
a and 6 one readily sees the existence and the explicit form of the greatest 
common divisor gcd(a,b) and the least common multiple lcm(a, b). Namely, 
put mp, = min(ord,(a), ord,(b)), gp = max(ord,(a), ord,(b)). Then 


gcd(a, b) = LI p”?, 


Iem(a,b) = LI". 


Again, the Euclidean algorithm allows us to prove the existence and to find ef- 
ficiently gcd(a, b) without even knowing the prime factorizations. Assume that 
a > b> 1. The algorithm consists of calculating a sequence x9, 21, X2,... 
where Xp = a, X; = 6 and 2;4; is the residue of z;_; modulo z;. One stops 
when xz, = 0; then xz,_1 = gcd(a,b). The number of required divisions is 
bounded by 5 log,) max(a, b) (Lamé’s theorem) (Knuth D.E. (1981), Wunder- 
lich M.C. (1985)). The slowest instances for the Euclidean algorithm are the 
neighbouring Fibonacci numbers a = uz, 6 = Up—1 where Up = Uy, = 1 and 
Uit1 = U; + U;-1. The Euclidean algorithm also furnishes a representation 


gcd(a,b) = Aa+ Bb (1.3) 


where A, B are integers. In order to find these, we shall consecutively define 
pairs (A;,B;) such that 2; = Ajzo + Bjx1. Put Ap = By = 1, Ai = Bo = 0 
and for i> 1 

Aiga = Aj-1—tA;, Biy1 = By_-1 — tB; 


where t is given by 7441 = 2;-1 —taz;. Since gcd(a, b) = x,_1 we can take A = 
Az-i1, B = By_}. Finally, if plab for a prime p and p does not divide a then 
gcd(a, p)=1 so that Aa+ Bp = 1 for some integers A, B. Hence Aab+ Bpb = b 
and p divides b. 


1.4. Calculations with Residue Classes. From the algebraic viewpoint, the 
set of integers Z is an associative commutative ring with identity. The general 
divisibility theory in such rings uses the fundamental notion of an ideal. An 
ideal J in a ring FR is a subset which is an additive subgroup with the property 
RIRC I. 

An ideal of the form I = aR, a € Ais called a principal ideal and is denoted 
(a). The divisibility relation a|b is equivalent to the inclusion relation 


(b)C (a) or b€ (a). 


Any ideal J of Z must be principal since its elements are all divisible by the 
smallest positive element of J. The maximal ideals (ordered by inclusion) are 
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precisely those which are generated by primes. The numbers having the same 
remainder after division by a fixed N, form N classes with pairwise empty 
intersections 

a=a+NZ, 0<a<N-l, 


the set of which also has a natural commutative associative ring structure 
with identity _ 
Z/NZ =Z/(N) = {0,1,...,N — 1}. 


We traditionally write a = b (mod N) in place of & = b. Often one succeeds in 
reducing some calculations in Z to calculations in an appropriate residue ring 
Z/NZ. Besides finiteness, one useful property of this ring is the abundance of 
invertible elements (while in Z there are only +1). Actually, @ is invertible iff 
gcd(a, N) = 1 since the equation ax+ Ny = 1 or, equivalently, @-% = 1 can be 
solved exactly in this case with integers x, y. The group of all invertible residue 
classes is denoted (Z/NZ)*. Its order y(N) is called Euler’s function. Euler 
introduced it in connection with his generalization of the Fermat theorem: 


a?(N) = 1(mod N) (1.4) 


for any a relatively prime to N, ie. a?) = I for any invertible element @ in 
Z/NZ. Euler’s conceptual proof shows in fact that in a finite Abelian group of 
order f the order of an arbitrary element a divides f. In fact, the map of the 
multiplication by a is a permutation of the set of all elements. The product 
of all elements is multiplied by af under this map. Hence af = 1. 

If N = N,N....N, and N; are pairwise coprime we have a canonical 
isomorphism 


Z/NZ™%Z/NiZ@...@Z/N,Z. (1.5) 


The main part of this statement is called the Chinese Remainder Theorem: for 
any a;mod N;, i=1,...,k there exists an a such that a=a; mod N; for 
all 7. Again, such an a can be efficiently found using the Euclidean algorithm. 
Put M; = N/N;. By assumption, M; and N; are relatively prime. Find xX; 
with X;M; =1mod N, and put 


k 
a= S| aiXiMij. (1.6) 
t=) 


This is what we sought. From (1.5) we deduce the corresponding factorization 
of the multiplicative group 


(Z/NZ)* = (Z/NiZ)* ®...@(Z/N,Z)*, (1.7) 


which shows in particular that y(N) = y(Ni)...y(Nx). Since for a prime 
p we have y(p*) = p*—!(p — 1) this allows us to find y(N) given the prime 
factorization of N. 

In the special case when N = gq is prime the ring Z/NZ is a field: all its 
non-zero elements are invertible. The group (Z/NZ)* is cyclic: it coincides 
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with the set of all powers of an element t = ¢, (it is not unique). No efficient 
(e.g. polynomial) algorithm for finding such a primitive root is known. Neither 
can one efficiently compute the “discrete logarithm”, (or index) x = ind;(a) 
defined for an invertible a mod gq by 


a=t* mod q, 0<x2<q-l. (1.8) 


It is an important unanswered question whether such polynomial algorithms 
exist at all. However, there are fast ways for calculating ind; if all prime 
divisors of g — 1 are small (cf. Koblitz N. (1987)). First of all, one computes 
for all p dividing q — 1 the residue classes 


Ppp = POP 5=0,1,...,p—-1 


lying in (Z/qZ)*. This can be efficiently done by the iterated squaring method 
(cf. 1.2). Let ap = ord,(q—1). It suffices to compute all the residues x mod p®? 
and then to apply the Chinese Remainder Theorem (1.5). We fix p, a = ap > 0 
and try to to find x mod p® in the form 


r=%ot+upt...+2%q-1p% ‘(mod p%), O0<2,<p-l. 


Since a!—! = 1 mod q the residue a(?~1)/? is a p*® root of unity. From a = 
t™ mod gq it follows that 


gi D/P = ¢2(a-1)/p = 420(9-1)/P = Tp,¢9(mod q). 


Therefore we can find the first digit x9 by computing a‘9~)/? and comparing 
it with the precomputed list of r,,;. In order to find the next digit 7, we first 
replace a by a, = a/t*°. Then we have 


ind;(a,) = ind,(a) — zp =2yp+...+2Xqp*"'(mod p%). 
As a; is a p® power we obtain from here aS?~/? = 1 mod q and 


q(t 1)/P" = t(t-20)(q—1)/p* = 4(a1+peet...)(a-1)/p = 401(9-1)/P = Tp,201° 


Therefore, one can discover x; by finding ght U/ ee: among the precomputed 
list of rp,;. One computes the other digits z; in the same way. The same list 
can be used for various a’s, q and t being fixed. This is the Silver—Pollig- 
Hellman algorithm, cf. Koblitz N. (1987). It becomes impractical if qg — 1 is 
divisible by a large prime because then the table of rp,; becomes too long. The 
difficulty of computing ind (and the general factorization problem) is utilized 
in cryptography (cf. Chapter 2 §1 and Hellman M.E. (1979), Adleman L.M., 
Rivest R.L., Shamir A. (1978), Odlyzko A.M. (1985), (1986)). 


1.5. The Quadratic Reciprocity Law and Primality Tests. Let p and q be 
odd primes. The main part of the quadratic reciprocity law first proved by 
Gauss, states that if p = q = 3mod 4 then the solvability of one of the 
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congruences z* = pmod q and x? =q mod p implies the insolvability of the 
other; in all other cases they are simultaneously solvable or unsolvable. Gauss 
used this in order to compile large tables of primes. 

To this end, he refined the primality test based on Fermat’s congruence 
(1.2). Namely, define the Legendre symbol (2) for a prime n by 


1 ifa=b* mod n, 


{ 0 if a=Omod n, 
—1 otherwise. 


Then from the cyclicity of (Z/nZ)* it follows that 


ge = (=) mod n. (1.9) 


If n is not prime we define the Jacobi symbol by multiplicativity: for an odd 
positive n = pjpo...p, where p; are primes, not necessarily distinct, put 


(2) = Ga) Ge) - 


Now formula (1.9), which holds for the Jacobi symbol when n is prime, can 
be used as a primality test. Actually, the Jacobi symbol can be extended 
to all values of the “numerator” and “denominator” and computed without 
knowing the prime factorization of n. This is done with the help of the extended 
quadratic reciprocity law 


@ (5) = (-1) SF? (1.11) 


(for odd positive P, Q) and two complements to this law: 


(5 = (-1)P-D/8, (=) See, (1.12) 


together with the multiplicativity property with respect to both “numera- 
tor” and “denominator”. The computation follows the same pattern as the 
Euclidean algorithm and requires < const -logmax(P,Q) divisions with re- 
mainder. A natural number n is called an Eulerian pseudoprime w.r.t. a if 
gcd(a,n) = 1 and (1.9) holds. Using the chinese remainder theorem, one can 
prove that if n is pseudoprime w.r.t. all a € (Z/nZ)* then n is prime. Thus, 
there are no Eulerian analogues of the Carmichael numbers. Moreover, it was 
recently argued that if n is composite then there is an a < 2lognloglogn 
such that n is not an Eulerian pseudoprime w.r.t. a (cf. Wagon S. (1986)). 
The congruence (1.9) is used in the modern fast primality tests which will be 
considered in Chapter 2 (cf. Adleman L.M., Rivest R.L., Shamir A. (1978), 
Miller G.L. (1976), Lenstra H.W. Jr. (1980), Vasilenko O.N. (1988)). 

The primality tests work much faster than all known methods for factor- 
izing “random” large integers. With the help of a computer, one can decide 
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whether a given 150-digit number is prime in a few minutes. However, it could 
take dozens of years of CPU time to factorize a particularly nasty 150—-digit 
number, even using the best modern algorithms and a supercomputer. For a 
250-digit number we would need billions years. 

To conclude this subsection we say a few words about a subject which 
has traditionally caught the attention of many unselfish amateurs of number 
theory: that of finding “a formula” for primes. Euler noticed that the polyno- 
mial x7? + x + 41 takes many prime values. However, it was long known that 
the values of an arbitrary polynomial f(11,...,2,) € Z[x1,...,£@,] at integer 
points cannot all be prime, e.g. because if p, q are two large primes, then 
the congruence f(21,...,2n) = 0mod pq is always solvable. Nevertheless, 
using methods from the theory of recursive functions, one can construct a 
polynomial (in fact, many) whose set of positive values taken at lattice points 
coincides with the set of all primes. The following specimen was suggested in 
Jones J.P., Sato D., Wada H., Wiens D. (1976). It depends on 26 variables 
that can be conveniently denoted by the letters of the English alphabet: 


F(a, b, c,d, e, f,g,h,1,9,k,l,m,n,0,p,q,7,8,t,u,v,W,2,Y,z) = 
(k+2){1—[wzth+j—q]?—[(gk+2g+k+1)(A+ 9) +h-—2]?- 
Qn+ptqt+z—e]? —[16(k +1)3(k+2)(n+1)? +1 — f?]?— 

[er (e +2)(a4+1)?+1- 07]? _ [(a? —l)jy?+1- ¢?|?— 

[16r2y4(a? —1)4+1- Vial ee 

[((a + u?(u? — a))* — 1)(n + 4dy)* +1 — (x + cu)?]?— 
(ntltvu—y)* —[(a? -—1)?@41-m?]? —-(ait+k+1-—-1-—i)?- 
[p+ a—n—1) + b(2an + 2a — n* — 2n — 2) — m)?- 
(g+y(a—p—1)+s(2ap + 2a — p* — 2p — 2) ~ a]? 

[z + pl(a — p) + t(2ap — p? — 1) — pm)?}. 


We also mention an inductive description of the sequence of all primes that 
can be derived by combinatorial reasoning (Gandhi J.M. (1971)): 


Pn41.= [1 — log, an] (1.13) 


mr —1)r" 
m=), a 


r=11<i1<...<ip<n 


where 


1.6. The Distribution of Primes. A first glance at a table of primes leaves 
an impression of chaos. For several centuries, mathematicians compiled large 
tables of primes in an attempt to see some order in them. Pell’s table (1668) 
lists all primes not exceeding 10°. Lehmer D.N. (1957) published his well 
known tables containing all primes up to 10’. In Pomerance C., Selfridge 
J.L., Wagstaff S.S. (1980) one can find all Fermat pseudoprimes n < 25 - 10° 
verifying the congruence 2"~! = 1 mod n. 
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Already the first tables allowed the experimental study of the statistical 
distribution of primes, which seemed to be more accessible at least asymptot- 
ically. Put 

n(x) =Card{p | p prime < zr}. 
The graph of this step function even up to x = 100 looks pretty regular. For 
x < 50000 where the jumps are hidden by the scale, the regularity is striking 
(cf. tables 1 and 2). 


20 
5000 

10 4000 (x) 
3000 

5 2000 
4000 

50 100 x 10000 20000 30000 40000 x 
Fig. 1 Fig. 2 


Computing z/7(x) we see that for large zx it becomes close to log x: 


Table 1 
10 4 2,5 
100 25 4,0 
1000 168 6,0 
10000 1229 8,1 
100000 9592 #10,4 
1000000 78498 12,7 
10000000 664579 15,0 


100000000 5761455 = 17,4 
1000000000 50847534 19,7 
10000000000 455052512 = 22.0. 


One sees that that when we multiply x by 10 the proportion of primes < x 
becomes approximately 2,3 ~ log 10 times smaller. Actually, the asymptotic 
law of the distribution of primes (or prime number theorem), 


(x) ~ 


Eee (1.14) 
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(meaning that the quotient of the two sides tends to 1 as x tends to infinity) 
was conjectured by the fifteen year old Gauss on the basis of his studies of the 
available tables of primes, and proved by analytical methods only in 1896 by 
Hadamard and Vallée-Poussin (Prachar K. (1957), Karatsuba A.A. (1975)). 
Before that, in 1850, P.L.Chebyshev (Chebyshev P.L. (1955)) found a very 
ingenious elementary proof of the inequality 

0,89 —— < x(z) <1, 1—_. 

log x log x 

For this he used only the divisibility properties of the binomial coefficients. 
The asymptotic law itself was finally proved in an elementary way in 1949 by 
Selberg and Erdos (Selberg A. (1951)). 

Gauss also suggested a much better approximation to 7(z). Computing 
his tables of primes he noticed that if one counts primes in sufficiently large 
intervals around a large zx their density tends to be close to 1/logz. For this 
reason he decided that a better approximation to 7(x) would be the integral 
logarithm | 

* dt 
Li(x) = ——, 
9 logt 
This observation was refined by Riemann (1892). Investigating the zeta- 
function he came to an heuristic conclusion that Li(x) should be a very good 
approximation to the function counting all powers of primes < x with the 
weight equal to the power, that is 


n(x) + =™(V/2) + =n( 2) +... Li(z). (1.15) 


If one wants to express 7(x) via Li(x) from here one should use the Mobius 
function 
1 if n=1, 
u(n) = ¢ 0 ifn is divisible by a square of a prime, (1.16) 
(—1)* otherwise, 
where k is the number of primes dividing n. Put 


(ee) 


F(z) =~ —n(at/M), (1.17) 
Then iss | 
n(x) => HO) ret, (1.18) 
and . 
n(x) & a) Li(x!/). (1.19) 
n=1 


The special case (1.18) of a general inversion formula easily follows from the 
main property of the Mobius function: 
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Ll, Af = 1 
d_H(d) = +s ifn >1° 20) 
d\n 


In fact, ifn = [];_, po, a: > 0 then for s > 1 we have 
he : _1\sf 8) _ a 18 
Saln) = 3-1)°(7) ==)" =0. 
d|n k=0 


The right hand side of (1.19) is denoted R(x). Table 2 (cf. Riesel H. (1985), 
Riesel H., Gohl G. (1970)) shows how well it approximates 7(z). 


Table 2 


100000000 


5761455 


5761552 


200000000 11078937 11079090 
300000000 16252325 16252355 
400000000 21336326 21336185 
500000000 26355867 26355517 
600000000 31324703 31324622 
700000000 36252931 36252719 
800000000 41146179 41146248 
900000000 46009215 46009949 


1000000000 


50847534 


50847455 


It is useful to slightly renormalize Li(x) taking instead the complex integral 


wert) = [ are (v #0). (1.21) 


—oo+iv 4 


For x > 2, li(x) differs from Li(z) by the constant li(2) + 1,045. The Riemann 
function 


R(x) = >° BO) (g/m) 
n=1 


is an entire function of logz. It can be expanded into a rapidly convergent 
power series 


CoO tm 
R(x) =1+ —_--—_—_—~. (1.22) 
»y m!m¢(m + 1) 
where z = e’, and 
((s)= oat = JT] a-py (1.23) 
n=1 p prime 


is the Riemann zeta function. Of course, this Riemann zeta function is the 
main hero of the story. Its properties, established or conjectural, govern the 
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behaviour of z(z). Riemann showed how to extend ¢(s) meromorphically to 
the whole complex plane ((1.23) converges only for Re(s) > 1) and deduced 
the astonishing explicit formula for m(z). This looks as follows: 


du 
Fo(x) = li(z “2 li(x?) ——————.. — log2 1.2 
se c +f (u? — 1)ulogu ee ee) 


where the sum is taken over all zeros p of ¢(s), and 


ae ) = lim HF) 4 Fee) 


The formula (1.24) was published by Riemann in 1859 and proved by Man- 
goldt in 1895. The series in (1.24) is only conditionally convergent. If one 
excludes the “trivial zeroes” p = —2, —4, —6,... whose contribution is insignif- 
icant the remaining summation should be made in the order of increasing |p]. 
The set of non-trivial zeros is symmetric with respect to complex conjugation 
and lies in the critical strip 0 < Re(s) < 1. The first five roots with positive 
imaginary part, up to eight decimal digits, are (Zagier D. (1977), Riesel H. 
(1985), Riesel H., Gohl G. (1970)) 


Pi =; + 14, 1347352, 
p2 =5 + 21, 0220402, 
P3 =; + 25, 0108562, 
pa =; + 30, 4248783, 
ps = ; + 32, 9350572. 


Put 6 = sup Re(p). From (1.24) it follows that 
n(x) — li(x) = O(z° log 2). (1.25) 


This estimate would be non-trivial if we knew that 6 < 1. Unfortunately, it is 
only known that there are no roots on Re(s) = 1 and in asmall neighbourhood 
of this line whose width tends to zero as |s| grows (Prachar K. (1957)). The 
famous Riemann hypothesis, that all non-trivial roots lie on the line Re(s) = 
5, is still unproved. A corollary of this would be 

n(x) = li(x) + O(2'/? log 2). 


These questions, however, lie far outside elementary number theory. 
We shall return to the Riemann—Mangoldt type explicit formulae below, cf. 
Part 2, Chapter 4, §2. 
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2.1. The Equation ax + by = c. In this section, all coefficients and inde- 
terminates in various equations are assumed to be integers unless otherwise 
stated. Consider first a linear equation with two indeterminates. The set 


I(a,b)={e | ax+by=c _ is solvable} 


coincides with the ideal generated by a and 6 that is, with dZ where d = 
gcd(a, b). It follows that the equation 


ax +by=c (2.1) 


is solvable iff d divides c. A special solution can be found with the help of 
the Euclidean algorithm: first compute X, Y with aX + bY =d and then put 
xo = eX, Yo = eY where e = c/d. One easily sees that the general solution is 
given by the formula 


xr=29+(b/d)t, y=yo—(a/d)t, 


where ¢ is an arbitrary integer. 
Equation (2.1) is the simplest example of the general Diophantine problem 
of investigating systems of polynomial equations 


Py Giytesetaye 0, obey Pyatiggta) = 0 (2.2) 


with integral coefficients. We see that all the main questions can be effectively 
answered for (2.1): the existence of solutions, computation a single solution, 
description of the set of all solutions, counting solutions in a box etc. We shall 
consider more complicated instances of (2.2) and attempt to extend these 
results. 


2.2. Linear Diophantine Systems. The Euclidean algorithm allows us to 
investigate in the same way a general linear Diophantine system 


Az = b, (2.3) 


Qii 412 *** in L1 by 
A= eee eee a eee € Mm n(Z), } eee : b= | 

Gm1 QAm2 °** Amn In bn 
This can be done with the help of the elementary divisor theorem. Recall 
that an elementary operation on the rows of a matrix over Z adds to one row 
an integral multiple of another. One defines an elementary column operation 
similarly. An elementary operation is equivalent to multiplication of the initial 
matrix on the left (resp. on the right) by a matrix of the form E,; = E+ Ae; 
belonging to SL,,(Z) (resp. SL,(Z)). By repeated application of elementary 
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operations we replace A by UAV where U and V are unimodular matrices 
with integral entries. On the other hand, the system 


UAVy = Ub (2.4) 


is equivalent to (2.3) since their solutions are in one-to-one correspondence: 
x = Vy. We can use this if we manage to replace A by a simpler matrix A’ = 
U AV. In fact, using the Euclidean algorithm and a version of the Gaussian 
elimination procedure avoiding divisions, one can find a matrix A’ of the form 


d, 0 0... 0 
0 d 0 ... 0 
D=|... ... %. .. 9 | =UAV. (2.5) 


Hence we either see that our system has no solutions even in Q, or we obtain 
the set of all rational solutions from the very simple system d;y; = c;, c=Ub 
fori <r, y; = 0 for the other 7. The set of integral solutions is non-empty 
iff d; divides c; for 1 < r, and can then be parametrized in an obvious way. 
The product d;-...-d; coincides with gcds of all minors of A of order 7 and 
d;|dj41. They are called the elementary divisors of A. It follows that (2.3) is 
solvable iff the elementary divisors of A of orders < m coincide with those of 
the extended matrix (with the column b added). In turn, this is equivalent to 
the simultaneous solvability of the congruences 


Az = b(mod N) 


where JN is an arbitrary integer. Such a condition can be readily extended to 
a completely general system of Diophantine equations. Clearly, it is necessary 
for the existence of a solution. Our investigation shows that for (2.3) it is 
also sufficient. When this is true for a class of equations one says that the 
Minkowski-Hasse principle is valid for this class. The question of the validity 
of the Minkowski—Hasse principle is a central problem in this theory. We shall 
discuss it below in 2.4 and in Part II, Ch. 2, §5, Ch.3, §3. 

More difficult problems arise if one wants to find “the smallest solution” 
to (2.3) with respect to some norm. These questions are considered in the 
geometry of numbers. Siegel (Siegel C.L. (1929), Fel’dman N.I. (1982)) has 
shown that the system of linear equations 


QijX1 +... + Ainen = 0 (i =1,...,m) 


with n > m in which the integers a,; are bounded by B has a non- 
trivial integral solution with coordinates bounded by 1 + (nB)™/("-™), If 
the rows of A = (a,;) are linearly independent and d denotes the gcd of 
the minors of order m of A, one can obtain the more precise upper bound 
(d-1,/det (AtA))!/("-™), This estimate and its generalization to algebraic 
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number fields was proved by Bombieri and Vaaler (1983) using fairly subtle 
results from geometric number theory (Minkowski’s theory of the successive 
minima of quadratic forms, cf. Cassels J.W.S. (1959a)). 

For applications, it is essential to develop efficient methods for finding so- 
lutions of a linear Diophantine system with non-negative coordinates. This is 
the central problem of integral linear programming. It belongs to the class of 
intractable problems i.e. those for which polynomial algorithms are not known. 
The intractability of the knapsack problem has been used in cryptography (see 
Ch.2). It consists of finding a solution of the equation a127; +...+ 4,2, = 6 
with x; € {0,1} where a;, b are given integers (see Koblitz N. (1987), Lenstra 
H.W. Jr. (1984)). 


2.3. Equations of Degree Two. Consider the following Diophantine equa- 
tion with integral coefficients 


n n 
f(21, O48 xh ee = > AigLiLj + 3 b,x; +c=0. (2.6) 
ij | 


Here we shall begin by finding the set of all rational solutions, which is easier 
than finding the integral solutions but far from trivial. 
A classical example is furnished by the rational parametrization of the circle 
Pi. 0 
x+y =1: 


ot 1 —¢? 


Gs Toe z= Te (x = cosy, y=siny, t = tan (=)). (2.7) 


This parametrization allows us in turn to describe all primitive Pythagorean 
triples (X,Y, Z), that is, natural solutions of X°+Y? = Z? with gcd( X, Y, Z) 
= 1. The answer is: X = 2uv, Y = u2 —v*, Z = u? + v?, where u > v > 0 
are relatively prime integers of opposite parity. To prove this it suffices to put 
t = u/v in (2.7). 

Similarly, finding rational solutions to (2.6) is equivalent to finding integral 
solutions to the homogeneous equation 


F(X, X1,.-.,Xn) = S> Fig Xi Xz 
a : (2.8) 
= S> fig XiXj +2 S- fioX:Xo + fooXs 
el (fel 


where ti = Tis = ai; /2 for 1 < ~< q < nm and foi = fio = b; /2 for 1 = 
1,2,...,n, foo = c. The non-homogeneous coordinates 11,...,2n are related 
to the homogeneous coordinates Xo,...,Xn by X; =xjX9 (1 =1,2,...,n). 
The quadratic form F(X) can be conveniently written as 


FOE K Ap. KS ip): 
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where Ar = (fi;) is the matrix of coefficients. If there exists a non-trivial 
integral solution to F(X) = 0 we say that F’ represents zero over Z. This 
equation defines a quadric Qr. Its points are all complex solutions (except 
the trivial one) considered as points in the complex projective space CP”: 


Or = {26.0 212 ess en) CPR” || Pei Ziseey ea) HO}: 


Any non-trivial rational solution of F(X) = 0 gives a point on this quadric. 
If we know one solution Xo then we can find all the others by considering 
intersections of Qr with the (projective) lines defined over Q and containing 
Xo. Algebraically, a line passing through X° and Y° consists of all points 
uX° +vY°. The equation F(uX® + vY°) = 0 reduces to 


wa 


In general, not all the partial derivatives Be vanish at X°. If this is the case, 
then for any Y° we can find an intersection point of Q with our line: 


)¥o+u?F(Y°) =0 


v= “uy (x /F(Y°). (2.9) 


(If by chance F(Y°) = 0 then Y° is already on Qr). Again, this point will in 
general be unique. Limiting cases can be well understood in geometric terms: 
if all partial derivatives vanish at X° then our quadric is a cone with vertex 
X°, and the problem is reduced to that of finding rational points on the base 
of the cone, this base being a quadric of lower dimension; if a line happens 
to lie entirely on Qp then all its rational points should be taken into account 
etc. 

This stereographic projection method, applied to x? + y* = 1 and the point 
(0,-1) gives precisely (2.7) if one denotes by ¢ a coefficient of the equation of 
the line passing through (0,-1) and (z,y): y+l=tz. 

Considering the equation 


PX hy Maxis 0 (2.10) 


(with F as in (2.8)) over the rationals, we could alternatively begin by 
diagonalizing F’ by a non-degenerate linear substitution X = CY where 
C € Mn+i(Q). The matrix C can be found effectively by Lagrange’s method 
of successively completing the squares. The previous geometric analysis then 
becomes quite transparent. 

For homogeneous equations such as (2.10) the problems of finding solutions 
in Q and in Z are essentially equivalent. Since we can find all solutions starting 
from one of them, the key question is that of deciding whether there is one. 
An answer is given by the following result. 
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Fig.3 


2.4. The Minkowski—Hasse Principle for Quadratic Forms. 


Theorem. A quadratic form F(21,2%2,...,2n) of rank n with integral co- 
efficients represents zero over the rationals iff for any N, the congruence 
F(x1,...,2n) = 0 (mod N) has a primitive solution and in addition F rep- 
resents zero over the reals, i.e. it 1s indefinite. 


For a general proof see Borevich Z.I., Shafarevich I.R. (1985), Cassels 
J.W.S. (1978). Of course, the necessity of this condition is obvious. 

We reproduce here the beautiful proof of sufficiency in the case n = 3 
due to Legendre (Borevich Z.I., Shafarevich I.R. (1985), Ireland K., Rosen M. 
(1982)). Let 

F= a,x? + a2rs + a3x3 (a,a2a3 # 0). 


Since F is indefinite we may assume that the first two coefficients are 
positive while the third one is negative. Furthermore, we can and will assume 
that they are square-free and relatively prime: this may be achieved by obvious 
changes of variables and by dividing the form by the gcd of its coefficients. 
Denote the form with such properties by 


ax? + by? — cz. (2.11) 
Consider a prime p dividing c. Since F = 0(mod p) has a primitive solution, 
we can find a non-trivial solution (xo, yo) to the congruence ax? + by? = 
O(mod p). Therefore 
ax + by? = ayy ?(ryo + yZo)(xYo — yZo) (mod p). 


For p = 2 we clearly have 


ax? + by? — cz? = (ax + by — cz)” (mod 2). 
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Hence for all p|2abc we can find linear forms L®), M) of x, y, z with integral 
coefficients such that F = L*)M?)(mod p). Using the Chinese Remainder 
Theorem, we find L (resp. M) with integral coefficients congruent to those of 
L') (resp. M?)) (mod p) for all plabc. We then have 


ax? + by” + cz? = L(x, y,z)M(z, y, z) (mod abc). (2.12) 
Consider now the integral points in the box 
O0<xr<vbe, 0<y< Vac, 0<2z< Vab. (2.13) 


If we exclude the trivial case a = b = c = 1, not all square roots are integers 
so that the total number of points will exceed the volume of this box which 
is abc. Hence there are two different points where LZ takes the same value 
mod abc. Taking their difference, we find 


L (20, Yo, 20) = 0 (mod abc) (2.14). 
for some |zo| < Vbe, |yo| < Jac, |z0| < Vab. Hence 
| axe + by? — cz2 =0 (mod abc) (2.15) 


and 
—abe < ax? + by — cz < abe. 


It follows that either 
ax? + by? — cz = 0 (2.16) 


or 
axz + bye — cz? = abe. (2.17) 


In the first case the theorem is proved. In the second case we obtain the 
following non-trivial solution 


a(xoz + byo)? + b(yoz% — aro)? — e(ze + ab)? = 0. 


Legendre’s original statement is that ax” + by? — cz? = 0 is solvable iff all the 
residue classes bc (mod a), ac(mod b),  —ab (mod c) are squares. 

One can prove that an indefinite quadratic form of rank > 5 always repre- 
sents zero over the rationals. For smaller rank, the Minkowski-Hasse principle 
can be combined with an a priori minimization of the moduli to be tested 
to give an effective way of establishing the existence of a solution. Below we 
shall reformulate this approach using the more convenient language of p-adic 
numbers (cf. Part II Chap. 2 §2.5, 3.1, Chap. 3 §3.4). 


2.5. Pell’s Equation. For non—homogeneous problems, the difference be- 
tween rational and integral solutions becomes essential. For example, consider 
Pell’s equation 

x? — dy* = 1, (2.18) 
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where d is a positive integer (and not a square). Since we know one trivial 
rational solution (1,0) the others can be easily found by the method described 
above. However, to obtain only integral solutions we must act in a totally 
different way. 

First of all, assume that the set of non-trivial integral solutions is non— 
empty (in fact, this can be proved by various methods). It is sufficient to 
consider only Glutton: with positive coordinates. We shall call such a solution 
(x1, y1) minimal if the linear form x + Vdy takes its minimal value on it. This 
solution is unique since Vd is irrational. The central result of the theory of 
Pell’s ae states that all solutions are of the form (+z,,+y,) where 
tn + Vd dyn = (41 + Vd dy,)", n being an arbitrary non—negative integer. 

The most natural proof, which admits a far-reaching generalization, is based 
on studying the quadratic field K = Q(Vd) = {a + bVd | a,b € Q}. The set 
A=Z+2ZVd is a subring in K. The norm of a = a+ bv 4d is by definition 

N(a) = Nx/o(a) = a? — db’. 
Clearly, 

N(aZ) = N(a)N(6) (2.19) 
for all a, @ € K. Solutions of Pell’s equation are numbers a € A with norm 
1. From (2.19) it follows that they form a group (with multiplication as the 
group law), in which the positive elements form the cyclic subgroup generated 
by 21 + yi Vd. 

In classical papers several methods were suggested for finding the minimal 
solution, or at least some solution. One of these algorithms is based on approx- 
imation theory (cf. 84 below). Dirichlet in 1837 published explicit formulae 
giving some solutions of Pell’s equation expressed through trigonometric func- 
tions. For example, for d = 13 his general formulae show that 21 +y1V13 = 7? 


where QT 57 67 


sin =. sin Sars sin a 
13 13 13 

> ae ae Se 
Slll 35 13 sln 75> 13 sin 13 


(cf. Dirichlet P.G.L., Dedekind R. (1968), Borevich Z.I., Shafarevich IR. 
(1985), Mazur B. (1983)). In 1863 Kronecker published an expression for 
t1 + y:Vd via special values of elliptic functions (cf. Kronecker L. (1863), 
Siegel C.L. (1965), Weil A. (1976), Vladut S.G. (1991)). 

Finally, it is worth mentioning that a general quadratic Diophantine equa- 
tion in two variables over the integers may be reduced by linear substitutions 
to a Pell-like equation if one solution is known. 


2.6. Representation of Integers and Quadratic Forms by Quadratic Forms. 
Consider two quadratic forms with integral coefficients 


Tb) a F (Viscios ey) = s Qij0;2; = Alz] = x’ Az, 


i,7=1 


9(y) = 9(¥ay--+1¥m) = >, digyiys = Bly] = y'By, 


i,j=1 
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where A and B are symmetric matrices. We shall say that f represents g over 
Z if for some C € M, m(Z) we have 


f(Cy) =g(y), or, equivalently A[C] = B. (2.20) 


In particular, form = 1 and g(y) = by’, f represents g iff f(c1,...,¢n) = b 
for some integers cj,...,Cn- 

Pell’s equation considered above is a special case of the much more difficult 
general problem of representing integers and quadratic forms by quadratic 
forms. We shall sketch below some results and approaches to this vast domain. 

Lagrange proved that every positive integer is a sum of four squares. A 
more difficult result due to Gauss states that b > 0 is a sum of three integer 
squares iff it is not of the form 4*(81—1), k,l € Z. Lagrange’s theorem can 
be easily deduced from this fact (cf. Serre J.-P. (1970), Cassels J.W.S. (1978)). 

Put | 

ry(n) = Card{(nj,...,nk) € ZF | n?+...4+n2 =n}. (2.21) 
For example, r2(5) = 8, as one may convince oneself by listing all solutions. 
There exist many formulae for this arithmetical function (cf. a vast bibliog- 
raphy in Kogan L.A. (1971)). Most of them are descendants of the classi- 
cal formula of Jacobi (Mumford D. (1983), Serre J.-P. (1970), Andrews G.E. 
(1976)) 
8\ od, if n_ is odd, 

d|n 


24 S- d, if mn is even. 
d|n,d=1(2) 


r4(n) (2.22) 


The proof is based on a study of the generating function for the sequence 
r.(n), that is, the series 


1.0) 


rein = SY _gtttnbtnt = a(e 
n=0 (n1,...,2% EZ 
where ; . 
ar)= dog", get, i228) 
neEZ 


This theta—function is a holomorphic function on the complex upper half- 
plane H = {r € C | Im(r) > 0}. It has many remarkable analytic properties. 
They can be summarized by saying that 64(7) is a modular form of weight 2 
with respect to the group I[o(4) where 


rm = 4(! 4 E SL(2,Z) 


This means that the holomorphic differential 64(7)dr is invariant with respect 


ne} , (2.24) 


to the substitutions tT +> (at + b)(cr + d)~! for every matrix . 4 in 
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Io(4). Modular functions will be considered more systematically in Part II, 
Ch. 4, 83. The space of all such differentials is two-dimensional, and one can 
construct a basis of this space with the help of Eisenstein series whose Fourier 
coefficients are more or less by construction certain divisor sums. Examining 
the first two coefficients of the series one finds an expression for 64(7) as 
a linear combination of the Eisenstein series. On comparing coefficients one 
obtains (2.22). This method is very general. When the number of squares 
grows one has to take into account not only the Eisenstein series but also 
cusp forms whose Fourier coefficients have a more complicated arithmetical 
nature but in many cases allow a non-trivial direct interpretation. If one 
manages to construct an explicit basis of the relevant modular forms, one can 
then express the theta-series of a quadratic form f(x ,...,2,~) = Al[z] with 
respect to this basis 


© @) 
O(7;f) = S> e(f(a)r) = So r( fina” (2.25) 
reEZk  n=0 
where 
e(r) = exp(27iT) = q, 
r(fjn) = Card{x € Z* | f(x) =n}. 
This theta-series is a modular form of the weight k/2 with respect to a con- 
gruence subgroup of the modular group. 

We quote as an example a formula proved by A.N.Andrianov (Andrianov 
A.N. (1965), Fomenko O.M. (1977)). Let f = 2? + y? + 9(z2 + t?). The theta- 
series of this form is a modular form of weight 2 w.r.t. I9(36). For any prime 
p # 2,3 we have 


p—1 3 
r(fip) = 3@+1)-5 (=) (2.26) 


p 
x=0 
where the sum in the right hand side contains the Legendre symbols, cf. 1.4. 


Generating functions are traditionally used in combinatorics and the theory 
of partitions. The simple partitions of n into sums of non-increasing natural 
summands are counted by the partition function p(n): 


pl)=1 : 1=1; 

p(2) =2 9=2, 141; 

p(3)=3 : 3=3, 241, 14141; 

p4)=5 : 4=4, 341, 242, 24141, 1414141; 
p5)=7 : 5=5, 441, 342, 34141, 24241, 


eid Data Sik 


Its generating function satisfies the Euler identity (Chandrasekharan K. 
(1970), Andrews G.E. (1976)): for |g| < 1 one has 


1+) pln)a" = TT 9"). (2.27) 
n=1 m=1 
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To prove this, it suffices to represent the r.h.s. as the product of the power 
series and to notice that p(n) is the number of solutions of a linear Diophantine 
equation with an infinite set of non-negative indeterminates 


Qa, + 2a92 + 3a3+...= 


Remarkably, the theta-series of certain quadratic forms are also connected 
with certain infinite products similar to (2.27). For example, if |q| <1, z #0 
we have (Andrews G.E. (1976)) 


> zrqr = I (1 = gi )\4 a zg") (1 ee a ie (Jacobi), 


ore ore’ 
S> gr(n+1)/2 _ Il (1 as g™)(1 i gn) (Gauss). 
n=0 m=1 


These identities follow from a more general result of Cauchy, valid for |q| < 
1, |t]}<1,a€C: 


oh = 40). (1—ag?™")t? _ > (1 —atq™) 
oa Te —q?)...(1—4q”) =I] (1 —tg™) © es) 


Recently this list of such identities has been greatly enlarged, thanks to the 
discovery that they are connected with the representation theory of the simple 
Lie algebras, root systems and with characters of finite simple groups (Mac- 
donald I.G. (1980)). 


m=0 


2.7. Analytic Methods. Generating functions are also used to obtain various 
asymptotic formulae for functions like r(f;n) and p(n) as n — oo. In particu- 
lar, many results have been derived using the Hardy-Littlewood circle method, 
its variants and generalizations (Vinogradov I.M. (1952), (1971), Vinogradov 
I.M., Karatsuba A.A. (1984), Malyshev A.V. (1962), Hua Loo—Keng. (1959), 
Vaughan R.C. (1981)). 

The application of this method to a generating function 


= J a(n)q” = (q = e(r) = exp(2zi7)) 


starts with Cauchy’s formula: 


1 
—n—1 
a(n) = Ori F eee F (r)q dq (2 29) 


The following discussion can be efficiently applied to many situations when 
the unit circle is the natural boundary for the function F(7) and roots of 


unity on this boundary behave as “the worst essential singularities” (to get 
some feeling for this, look at the r.h.s. of (2.27)). The idea is to break the 
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integration domain into two parts: J; (the contribution of roots of unity of 
comparatively small degree) and Iz (everything else) and to attempt to prove 
that Jz is much smaller than J;. To understand the asymptotic behaviour of [; 
and to majorize Jz one often uses exact or approximate functional equations 
for F'(r), Poisson summation etc. 

For example, to estimate p(n), Hardy, Littlewood and Ramanujan put r = 
e~2n/n* Th terms of 7, they integrated over the segment L, = {rt = rt+iy|0< 
x <1, y = 1/n*}, which they divided up as follows: I, is the union of the 
pairwise disjoint segments By,q = {x | |x — p/q| < 1/2qn® (6 > 1)} where p/q 
runs through the rational numbers between 0 and 1 with denominator < n; 
In is the complement of J. 

For (2.27) this furnishes the Hardy-Ramanujan asymptotic formula 


K An 


€ 


p(n) = aV/3r2 
An = Yn — 1/24, K =7/2/3 


(cf. Chandrasekharan K. (1970)). Later this method was perfected by K.Rade- 
macher who gave an exact formula for p(n) as an infinite sum whose summands 
correspond to (all) roots of unity. 

In one of the most recent applications of the circle method to the the- 
ory of quadratic forms, A.V.Malyshev (1962) proved the following result. Let 
k > 4, f(x1,...,2,%) a positive quadratic form with integral coefficients and 
determinant d. Then as n — oo we have 


k/2 


+ O(e** /d3), 


where 


n3—!H(f; n) + O(d'k+12)/8n(k-1)/4te) 


Here the constant in O depends only on k and « > 0 and H(f;7) is the so 
called singular series. This series is obtained in the process of computing of 
the contribution of J; as an infinite product over all primes including the 
“infinite prime”: | 

A(f;n) = Tol(fin) [[ (fin), 


p 
where 


rp(fin) = lim p-™*"YCard{x € (Z/p™Z)* | f(x) =0 mod p™} 


and Too(f;n) is a certain “real density” of the solutions of f(z) =n. 

It follows that if n is sufficiently large and is representable by f modulo all 
prime powers, then it is representable by f. This method however does not 
work for 2 or 3 variables, where more subtle approaches are needed (cf. Linnik 
Yu.V. (1979), Golubeva E.P., Fomenko O.M. (1977), Lomadze G.A. (1978)). 

The circle method was considerably modified and perfected by I.M.Vi- 
nogradov (Vinogradov I.M. (1952), (1971), Vinogradov I.M., Karatsuba A.A. 
(1984)) who suggested replacing generating functions by exponential sums, 
which are essentially their partial sums restricted to the unit circle, e.g. 
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On(r;f)= Sd) e(f(z)r). (2.30) 


As a function of the real variable 7 this sum oscillates vigorously and has 
local maxima (of its modulus, real, and imaginary: parts) at rational numbers 
with small denominators. This behaviour reflects the singular behaviour of the 
generating function in the vicinity of its natural boundary but is much less 
wild and more easily controllable. This is one of the reasons for the success of 
Vinogradov’s method. | | 

Figures 4 and 5 show the (scaled) graphs of the two simplest exponential 
sums featuring this behaviour. 


NA ih 


TTA 


Fig. 4. y(r) = “h_5 cos(2m&r) 


Instead of Cauchy’s formula (2.29), one uses in Vinogradov’s method the 
integral formula 


1 
/ On(7; f)e(—nr)dr = Card{x € ZF | f(x) =n, |x;| < N} (2.31) 
0 

which follows directly from the orthogonality of the basic exponential func- 
tions. 

Vinogradov’s version of the circle method enabled him to prove that ev- 
ery large odd integer is a sum of three primes (Goldbach conjectured in 1742 
that every even integer is a sum of two primes) and to considerably dimin- 
ish the number of summands in Waring’s problem (1770) on the representa- 
tion of large integers as sums of k-th powers in comparison with the original 
Hilbert’s solution of this problem (cf. Hilbert D.). A recent improvement on 
Vinogradov’s bound due to Karatsuba (1985) is k(2log k + 2 log log k + 12).*) 


*) A new result for G(k) asymptotic to klogk has been obtained in 1993 (Vaughan 
R.C., Wooley T.D.). 
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Fig. 5. y(r) = yes sin(2n 4-7) 


Further details of analytic methods are outside the scope of this report and 
we refer the interested readers to the monographs Vinogradov I.M. (1971), 
Vinogradov I.M., Karatsuba A.A. (1984), Postnikov A.G. (1971), Arkhipov 
G.I., Karatsuba A.A., Chubarikov V.M. (1987), Hua Loo—Keng. (1959), Chan- 
drasekharan K. (1970), Vaughan R.C. (1981) and others. We should mention 
only the wide applicability of formulae of the type (2.31) counting various 
numbers of solutions and the important role of exponential sums like (2.30) 
in arithmetical problems (Gauss sums, Jacobi sums, Kloostermann sums etc., 
cf. Ch.2, §2). 

More generally, harmonic analysis is now used in number theory in its non - 
commutative and multi - dimensional versions. For example, the construction 
of the Hecke basis in the space of modular forms which is orthonormal with 
respect to the Petersson inner product (scalar product) can be considered as a 
two-dimensional analogue of the orthogonality relations for the exponentials 
mentioned above (Part II, Ch. 4, §3). 


2.8. Equivalence of Binary Quadratic Forms. Two quadratic forms over 
the integers f, g are called equivalent (over Z) if they represent each other 
(cf. 2.6). We shall denote a binary quadratic form f(x,y) = Az? + Bry + Cz? 
also (A, B,C’). Such a form is called primitive if A, B and C have no common 
factor. Its discriminant is denoted A = B? — 4AC. Two forms f and g are 
called properly equivalent if we have 


f(x,y) = g(ma + ny, kx + ly) 


for an appropriate matrix 
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: € SL2(Z). 


Gauss founded the equivalence theory of binary quadratic forms. He proved 
that if A is not a square, then the set Cl(A) of proper equivalence classes of 
forms with discriminant A can be made into a finite Abelian group with re- 
spect to a natural composition law. (Actually, this was one.of the first abstract 
Abelian groups discovered in number theory). 

In order to define this composition law in modern terms, consider the 
quadratic number field K = Q(VA) = Q(Vd) = {x+yVd | x,y € Q} where d 
is a square-free integer. We have A = Dc? where D is the discriminant of the 
quadratic field K, D=difd=1mod 4 and D = 4d otherwise. An element 
a=x2+yvVd € K is called an integer if its trace 2x and its norm x? — dy” are 
integers. The set of all integers in K forms a ring 


O=< lw >={m+nw |m,neé Z}, 


where w = Vd if d = 2,3mod 4 and w = (14+ Vd)/2 if d =1mod 4. For 
any integer c we can define a subring O, = Z+ cO =< 1,w >. A fractional 
ideal M over O, is a free additive subgroup of K with two generators which 
is stable with respect to multiplication by elements of O,.. The product of 
two fractional ideals is, by definition, the subgroup generated by the products 
of elements from one ideal with elements of the other. The fractional ideals 
form an Abelian group with identity O,. To each such ideal M corresponds 
a quadratic form with discriminant D = dc? which can be constructed as 
follows. Define the norm of M by N(M) = Card(O,/M). Choose a basis 
{a, 8} for M in such a way that y = —G/a=a2+ yd satisfies the condition 
y > 0. Then the quadratic form in question is 


N(ax + By) 


ot, ee Ores 
f(x,y) = Av’ + Bry+Cy N(M) 


One can check that this is a primitive integral form. 

Two fractional ideals M and My are called equivalent in the narrow sense 
if M = yM, for some y € K with positive norm. The equivalence classes 
of fractional ideals correspond bijectively to the proper equivalence classes of 
primitive binary forms of discriminant Dc*. Multiplication of the fractional 
ideals induces a group structure on this set. The identity of this group is 
represented by the quadratic form (1,0,-A/4) (resp. (1,1, (1 — A)/4) if A is 
even (resp. odd). In computations it is convenient to work with the reduced 
forms (A,B,C) for which A > 0, -A < B< A, ged(A, B,C) = 1. If A < 
0 then the group Cl(A) is trivial exactly for the following values: —A = 
4,8, 3,7, 11,19, 43, 67,163 (c = 1); 16,12,28 (ec = 2); 27 (ec = 3) (cf. Part II, 
Ch. 3, §4.1). 
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3.1. The Problem of the Existence of a Solution. For cubic forms F(X, Y, Z) 
in three variables with integral coefficients, nobody has succeeded in devising 
a general algorithm which provably decides whether the equation F = 0 has a 
non-trivial integral solution. Large classes of such equations have been studied 


both theoretically and numerically; see for example the early influential papers 
Selmer E.S. (1951) and Selmer E.S. (1954) devoted to the equations 


aX? + bY? + cZ> =0. 


Even some of the simplest equations like 3X? + 4Y% + 5Z% = 0 fail to satisfy 
the Minkowski—Hasse principle: they have no non-trivial integral solutions 
although they do have both real solutions and primitive integral solutions 
modulo any N > 1. The degree of such failure can be measured quantita- 
tively by the Shafarevich-Tate group: cf. Part II Chapter 3 §3 below. Recently 
D.R.Heath-Brown (1984) has shown that any non-singular cubic form in ten 
variables represents zero non-trivially, and C.Hooley (1988) has established 
the Minkowski—Hasse principle for non-singular nonary cubic forms (a form 
is called non-singular if it and all its first partial derivatives have no common 
non-trivial complex zeroes). Previously Davenport and Birch had shown that 
there exist non-singular cubic forms in nine variables which do not represent 
zero modulo a power of every prime. 

Birch (1962) established that forms of any odd degree d represent zero if 
the number of variables is sufficiently large (with the bound depending only 
on d). These results have since been generalized, extended and made more 
precise by several authors, in particular W. Schmidt. They are proved by the 
circle method. 


3.2. Addition of Points on a Cubic Curve. Any ternary cubic form 
F(X,Y,Z) defines a cubic curve C in the complex projective plane P?: 


C={(X:¥:Z)| F(X,Y,Z) =0}. (3.1) 


If C (that is, F') is non-singular, and if F’ = 0 has at least one rational 
solution, then one can find a non—degenerate change of projective coordinates 
with rational coefficients which reduces F to a Weierstrass normal form 


Y°Z—X*-—aXZ*?-bZ> = (a,bE Q). (3.2) 


One may also assume that the initial solution becomes the obvious solution 
(0: 1:0) of (3.2). The non-singularity condition for (3.2) is equivalent to the 
non-vanishing of the discriminant 4a° + 27b?. Non-singular cubic curves are 
also called elliptic. Passing to non-homogeneous coordinates x = X/Z,y = 
Y/Z we reduce F' = 0 to the form 


y° =a +axr +b, (3.3) 
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where the cubic polynomial in the r.h.s. has no multiple roots. In this affine 
form, our initial solution becomes the infinite point O. There is a beautiful 
geometric description of a composition law on the set of rational points of 
C making it an Abelian group with O as identity (or zero). This is called 
the secant-tangent method (cf. Shafarevich I.R. (1988), Cassels J.W.S. (1966), 
Koblitz N. (1984)). Namely, for a given pair of points P,Q € C(Q), we first 
draw a line containing them both. This line also intersects C at a well-defined 
third rational point P’. Now we again draw a line through P’ and O. Its third 
intersection point with C is, by definition, the sum P+ Q. If P = Q, the first 
line to be drawn should of course touch C at P. 


Fig. 6 Fig. 7 


Calculating in non~homogeneous coordinates P = (11,y1), Q = (2, y2) 
one finds P + Q = (23, y3) where 


2 
m= ~~ 2 + (BB) ; 


a1 22 (3.4) 
eae ee oe 
US ae (x1 — 23) — y1. 
In the limit case P = Q we have instead 
322 +a\" 3x7 +4 
T3 1+ ( Oy ) » ¥3 ve (v1 —Za)+y (3.5) 


If 1; = £2 and y; = —y2 then P+ Q = O, the infinite point which is zero for 
the group law. 

This method allows us to construct new rational points starting with some 
known ones. They will be the elements of the group generated by the initial 
points, e.g. mP, m € Z, if just one point P (except O) was found initially. 
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For singular cubic curves this construction fails. For example, consider the 
curve 


C: pa=z*ta’, (3.6) 


which is drawn in Fig. 8. Any line passing through (0,0) has only one more 
common point with C: on y = tz it is defined by the equation x?(t?—x—1) = 0. 
Besides the trivial solution z = 0, we obtain x = t? — 1 and y = t(t? — 1) so 
that we have found all points on C with the help of a rational parametrization. 
In the non-singular case no such parametrization exists. On the other hand, 
in our example we could have still defined the group law on the set of non— 
singular points as above. However, this becomes simply multiplication (for a 
suitably chosen rational parametrization). 


Fig.8 


A curve admitting a rational parametrization is called rational. How one 
can establish that such a parametrization exists or otherwise, and how its 
existence influences the problem of describing all rational points, is answered 
by algebraic-geometric methods. 


3.3. The Structure of the Group of Rational Points of a Non—Singular Cubic 
Curve. The most remarkable qualitative feature of the secant—tangent method 
is that it allows one to construct all rational solutions of a non-singular cubic 
equation (3.1) starting with only a finite number of them. In group-theoretical 
language, the following result is true. 


Mordell’s Theorem. The Abelian group C(Q) is finitely generated (Mordell 
L.J. (1922), Cassels J.W.S. (1966), Mordell L.J. (1969)). 


From the structure theorem for finitely generated Abelian groups, it follows 
that 


C(Q)=AxZ’ 
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where A is a finite subgroup consisting of all torsion points, and Z" is a 
product of r copies of an infinite cyclic group. The number r is called the rank 
of C over Q. 

The group A can be found effectively. For example, Nagell and Lutz (Lutz 
E. (1937)) proved that torsion points on a curve y* = x? + az +b for which a 
and b are integers, have integral coordinates. Furthermore, the y-coordinate 
of a torsion point either vanishes or divides D = —4a? — 2767. 

B. Mazur proved in 1976 that the torsion subgroup A over Q can only be 
isomorphic to one of the following fifteen groups: 


Z/mZ (m <10,m = 12), Z/2Z x Z/2nZ (n < 4), (3.7) 


and all these groups occur. 

It is still an open question whether r can be arbitrarily large. Mestre 
(Mestre J.-L. (1982)) constructed examples of curves whose ranks are at least 
14.*) A comparatively simple example of a curve of rank > 9 is also given 
there: y? + 9767y = x? + 35762" + 4252 — 2412. One can conjecture that rank 
is unbounded. B. Mazur (1986) connects this conjecture with Stlverman’s con- 
jecture (Silverman J.H. (1986)) that for any natural k there exists a cube-free 
integer which can be expressed as a sum of two cubes in more than k ways. 


Examples. 
1) Let C be given by the equation 
yt+y=r-2 


whose integer solutions list all cases when a product of two consecutive 
integers equals a product of three consecutive integers. Here Ai is trivial 
while the free part of C(Q) is cyclic, with a generator P = (0,0). 

Points mP (labeled by m) are shown in Figure 9. Table 3, reproduced here 
from Mazur B. (1986) with Mazur’s kind permission, shows the absolute 
values of the X-coordinates of points mP, for even m between 8 and 58. 
One sees that the last figures lie approximately on a parabola. This is not 
an accident, but a reflection of the quadratic nature of heights on elliptic 
curves (cf. below). 

2) Let C be given by the equation 


y>+y=22-—7Tr +6. 


Then C(Q) & Z?, and the points (1,0), (6,0), (0,2) form a basis of this 
group. 

3) Table 4, calculated by Selmer (Selmer E.S. (1951), (1954)), lists ranks r 
and generators for curves X?+Y? = AZ? with natural cube-free A < 500. 
These computations have now been extended up to A < 70000 (Stephens). 
Don Zagier noticed that in this range there are about 38.3% of curves with 
r = 0; 48.9% with r = 1; 11.7% with even r > 2 and 1.1% with odd r > 3, 
and these values vary only slightly within large intervals of the tables. 


*)The present record is an elliptic curve of rank > 21 by Nagao (1994). 
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y 4 


28 


30 


Fig.9 


Table 3 


20 

116 

3741 

8385 

239785 

599997896 

18490337896 

270896443865 

16683000076735 

2786836 257692691 

3148929681285740316 

342115756927607927420 

280251129922563291422645 

804287518035141565236193151 

743043134297049053529252783151 

3239336802390544740129153150480400 

261339025245801434436942401 2613679600 
12518737094671239826683031943583152550351 

596929565407 758846078157850477988229836340351 
2385858586329829631608077553938139264431352010155 
5618605401843475352702275238228029 1882048809582857380 
238975051911091401863099093 76606354352699564527 70356625916 
650087890787664552756007507113064937939959207504295469 12218291 
86338150358868067 13921361263456572740784038065917674315913775417535 
4327678343894888631 2588030404441 444313405755534366254416432880924019065 
593076045469642658948956 761 739 7943244827292346871145123187277732855876671389 


Table 4. Number of generators g and basic solutions of X° + Y? = 
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cube-free, As < = 800 


1 
1 
1 
1 
2 
1 
1 
1 
1 
| 
1 
1 
1 
1 
1 
2 
1 
1 


Oe ee 


en ee 


(683, 397, 294) 

(18, —1,7) 

(3, 2,1) (5,3, 2) 

(19, 1,7) 

(25 469), 17 299, 9954) 
(Berl 

(3, 1,1) 

(163, 197,57), (289,19, 
93 


(137, —65, 42) 

(1853, 523, 582) 

(631, —359, 182) 

(3, 2,1) 

(4,-3.1) (10, —1,3) 
(449, —71, 129) 

(7, 1,2) 

(11, —2, 3) 
(23.417, 11 267,611) 
(730511, 62641, 197 028) 
(1872, —1819, 217) 

(28 747, -14 653, 7083) 
(5, —4, 1) 

(11, 7, 3) 

(4, ~1, 1) 

(4,1,1) (191, —146, 39) 
(5353, 1208, 1323) 
(2538 163, —472 663, 
620505) 

(15 409, —10 441, 3318) 
(53, 17, 13) 

(197, —126, 43) 

(17351, —11951, 3606) 
(5563, 53, 1302) 
(13, —4, 3) 

(433, 323, 111) 
(2570129, —2.404 889, 
330 498) 

(13,5,3), (10067, -10049, 
399) 


(1 176 498 611, —907 929611, 


216 266 610) 

(53, 36, 13) 

(1241, —431, 273) 
(4,3,1), (6, —5, 1) 
(25 903, —3547, 5733) 


AZ? with A 


(15 642 626 656 646 177, 
—15 616 184 186 396 177, 
590 736 058 375 050) 

14, —5, 3) 


5 

(592, -349, 117) 

(4033, 3527, 1014) 

(165 889, —140 131, 25 767) 

(90, 17, 19) 

(181, —71, 37) (629, 251, 
134) 

(9109, —901, 1878) 

( 

(5, 

( 


5 266 097, —2741 617, 
1 029 364) 


184 293 499 139, 

10 183 412 861, 

37 045 412880) 

(5,—1,1) (479, —443, 57) 
(5,1 a: 71, —23, 14) 
(7, a. 1) (121, ~120, 7) 
(52 954 777, 33 728 183, 
11 285 694) 

(2089, -901, 399), (39007, 
—29 503, 6342) 

(5, 2, 1) 

(9, 7, 2) 

(16, —7, 3) 

(27 397, 6623, 5301) 

(53 579 249, —52 310 249, 
4 230 030) 

(2 454 839, 1858, 530 595) 
(73, 15, 14) 

(338, —95, 63) 

oe —19, 13), (107, —56, 
( 
( 
( 
( 
( 
( 
( 


627, 1293 ,471) 

19 964 887, —19 767 319, 
1 142 148) 

103 750 849, 2 269 079, 
19 151 118) 

39, —16, 7) 

11,—3,2), (17,—8,3) 
311 155 001, —236 283 589, 
46 913 867) 

1 374 582 733 040071, 
—1 295 038 816 428 439, 
136 834 628 063 958) 

(8, —7,1) 

(26 353, 14957, 5031) 


AO 


214 


215 
217 
218 


219 
222 
223 
228 


229 
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Table 4 (continued) 


(37, 20,7) 

(139, —103, 21) 

(2419 913 540 753, 
1587 207 867 247, 

468 227 201 520) 

(110 623 913, 8 065 063, 
19 668 222) 

(2 184 480, —1 105 053, 
357 833) 

(901, 719, 183) 

(11,5,2), (17, 1,3) 

(14, 13,3), (295579, 
—190 171, 46 956) 

(56 182 393, 15 590357, 
9911895) 

(336 491, —149 491, 57070) 

(135 477 799, —116 157598, 
16 825 599) 

(68 561, —54521, 9366) 

(2339, —2142, 247) 

(1801, -19, 309) 

(16, 11,3), (3251, 124,555) 

(2884 067, 257 437, 491 652) 

(229, 32,39), (2426, 
~2165, 273) 

8191, —6651, 1094) 

(5211, —4961, 455) 

(52,—41,7), (125,-26, 21) 

(1387, 503,237), (3961, 
—2071, 633) 

(74 167, 66 458, 14925) 

(337 705 939 853, 

—~315 091 652 237, 
32 429 956 428) 

(64 313 150 142 602 539- 
525 717, 46 732 739 212 871- 
851 099 283, 12.000 095 230- 
802 028 099 750) 

(307 277 703 127, 

—244 344 663 377, 
40 697 090 945) 

(6, -1, 1) 

(6,1,1), (9,—8, 1) 

(7,-5,1), (279 469, 

—61 469, 46 270) 

(17, 10,3), (168 704, 
—36 053, 27 897) 

(5 884 597, 858 653, 972 855) 

(509, 67, 84) 

(46 323 521, —27 319 949, 

7 024059) 

(745, —673, 78) 


( 

(818 567, —369 503, 

129 186) 

(124 253, —124 020, 3589) 

(248 957, 209 827, 47 106) 

(53 927, 3907, 8703) 

(292, —283, 21) 

(99, 67, 14) 

(571049, —511 271, 59 787), 
(2 043 883, —1 767 133, 

230 685 

(20, ~11, 3) 

(275 657 307 291 045 075 203- 
684 958 997, —275 522 784- 
968 298 556 737 485 593 813, 
4.974 480 998 065 387 679- 
603 368 524) 

(4284, —4033, 373 

(19,—1,3), (587,437, 104) 

(2 195 839, —2047 231, 

198 156) 

( 

( 


36 326 686 731 109 813, 

9 746 422 253 537 867, 

5 691 827 727 610 864) 

(861 409, —342 361, 130914) 

(800 059 950, —786 434 293, 

45 728 263) 

(10,—9,1), (487, —216, 73) 

(19,8,3), (190, —163, 21) 

(111 035 496 427 236 122 887, 

—43 257 922 194 314 055 637, 

16 751541 717010945 845) 

(424 560 439, —309 086 839, 
55 494 828) 

(209, —145, 28) 

(13, 3, 2) 

GaaA) 


| (117217, 96913, 13542), 


(2814 607, 1571 057, 
452.772) 


(7 722 630 462 000 896 449- 
941 136 589, 

— 1293 813 622 621 939- 
303 367 981 

1174877 194 362 760 234- 
594 343 698) 
(18 989, 1531, 2886) 
(323, —37, 49) 
(248, 121, 39) 
(199, 90, 31) 
(124 559, —103 391, 14 118) 
(34901, —16 021, 5068) 


301 
303 
306 
306 
308 
309 


310 


313 
314 
316 
319 


321 


322 
323 
325 
330 
331 
333 
335 


337 
339 


341 
342 


345 


346 
348 


349 
355 
356 


357 


1 
1 
1 
1 
1 
1 
2 


allA 


— 
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Table 4 (continued) 


Tear [A [e[ana 


(382, 5, 57) 

(2.659 949, 67 051, 396 030) 
(86, —81, 7) 

(6697, —3943, 921) 

(199, 109, 31) 

(20,7,3) (272540932, 
—142 217 089, 38 305 371) 
(5011613, —190 493, 

740 484) 

(22, -13, 3) 

(241, —223, 21) 

(73:1) 

(6 462 443 919 765 751ts305- 
499, 

—6 182025 219 694 143- 
438 499 

472 407 353 310 304 561- 
590) 

(13 755 277 819, 

8 670 272 669, 
2.164 318 002) 
(1873, 703, 278) 
(252, 71, 37) 

(128, 97, 21) 

(1621, 1349, 273) 

(11, —10, 1) 

(397, —286, 49) 


(7,-2,1) (390997, 260 243, 


61 362) 


(1392097 139, —345 604 139 
198 626 610 

(6,5, 1) 

(7,-1,1) (1253, —1205, 

86 


(16 543, 8297, 2454), 
(389 699, -190979, 
53 292) 


(40 283, —15 227, 5622), 
(2706 139, 425 861, 
385 230) 

(23, —14, 3) 

(2.903 959), 2617001, 
492516) 

(15 026 630 492 061 476- 
041 947 013, 

4709 632 110011 335- 
573 393 177, 

2.098 221 141 580681- 
446 554 589) 

(19 207, 6497, 2742) 


pee elAw pee 


— 


—_— 


1138 095) 

77 517 180, 50972 869 
11855651) 

1 909 159 356 457, 

~1746 345 039 913, 

165 073 101 648) 

(208 027, —1 675 277, 

228 885) 

(42 349, 526, 5915) 

(7,3, 1), (70523, 19 387, 
9891) 

(2717 893, 630 107, 379 470) 
1604, — 1595, 57) 

479, —237, 62) 

15,—7,2), 917, —908, 39) 
1009, —629, 127) 


( 
(7 951 661, 2922589, 
( 
( 


(8, a 1 

4659, —3287, 553) 

3043, 467,417), (4373, 
~863, 597) 

590 456.252 061 289, 

~171 359 229 789 289 

80 084 103 077 160) 

(4.045 451 855 513 988 711- 
059 

2.369 372 172 284 459- 

347 309, 

587 046 969 413 536 968 336) 
(1 439 245 403, —573 627 403, 
192 088 390) 

(7891, —7851, 266) 

(46 789 273, —37 009 657, 

5 074314) 

(12,-11,1) (360, 37, 49) 

( 

( 


( 
( 
( 
( 
(2 ay 2054) 
(9, 
( 
( 
( 


22,5,3) (401, 328, 63) 
585 699 417 548 405 371, 
102 798 361 240815 491, 
79 502 362 839 530631) 
(53, —22, 7) 

(7,4,1), (33733, —33 634, 
939 


(186 871 897, 49 864 103, 
25 292 280) 

(2575, —2103, 266) 

(68 073 157, 32528 843 
9 454 410) 

(76 267, 25 307, 10323) 
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Table 4 (continued) 


[efans fs [sans 


420 (2213, 1567, 327), (10459, 


6679, 1263) 


421 (19 690, 4699, 2639) 
422 (15, 1,2) 

425 (2393, 1007, 326) 

427 (25, -16, 3) 

428 (1294 057, —1 190053, 


104013) 
(16 739, 14 149, 2598) 
(5 989 967, 3 449 393, 
841 204) 
(701, —270, 91) 
(37,35,6) (223, —222, 7) 
(32779, —1459, 4326), 
(3 784049, 2981071, 
570 276) 
(19,17,3), (1330019, 
—1 224071), 105 957) 


429 
430 


431 
433 
435 


436 


438 (12 636 764 083, 
11 127850973, 
1979 215602) 
439 (571, —563, 26) 
441 (13, 11, 2) 
4A4 (4174 254 535 499, 
—726 500 109 131, 


546 201 297 768 


445 
446 (23, 5,3), (4286417, 
—4 285 265, 52 212) 
(4 405 301, —382 301, 

576 030) 
(323, 126, 43) 
(21 079, 11 321, 2886) 
(851 498 679 025 552 429, 
224 535 817 760071, 
111 626729 681 785 675) 
(23,4,3), (50167097, 
39 331 207, 7 447 188) 
(753 389 202 595 029 867- 


447 


449 
450 
452 


453 


454 


852 290 245 746 241 110629) 


—204 264 638 826 527 324- 
892 641 927 694 862 943 879, 
97 368 775 947 767 167 139- 
892 682 703 702 288 385) 
(41, 31,6) 

(953 038, —761 375, 97 482) 

(248 768 189, —234 795 689, 

17 466 345) 

(3779, 379 489), (11 969, 

~7811, 1389 

(403, —394, 21) 

(1 212 356 942 047, 
1197072217 207, 

52 307 828 958) 

(464 540 708 319 337 302 841, 
88 798 763 256 715 446 551, 
60 057 801 943 830 995 598) 
1170, —763, 139) 

7,51) (859, —763, 74) 
13,—12,1), (26, -17,3) 


568 871, —453 689, 57 627) 
89,70, 13), (12040, 
—11 881,523) 


6) 
2 401 741, 1 945 259, 352 830) 
236 521, 176 021, 25 235) 


~1057 596 310 369, 

1 066 758 076 384) 

59, —33, 7) 

342 361, —57 241, 43 212) 
55,16,7), (7411, —6772, 
579) 

611 137, —490 123, 60543), 
(16 811 001, —15 250 751, 
933 765) 


ref FN i a 


A) For y(y+1) = x(x—1)(x+2) we have r = 2; for y(y+1) = x(x—-1)(x +4), 


r = 2 (compare this with example 1). 


5) Consider the curve y? = x° + pz, p = 877. A generator modulo torsion 
of the group of rational points of this curve has x-coordinate 


__ 375494528127162193105504069942092792346201 
~ 6215987776871505425463220780697238044100 © 
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This shows that naive methods of seeking points quickly become inefficient 
(cf. Cassels J.W.S. (1966), Coates J., Wiles A. (1977), Coates J. (1984) 
for an educated approach). 


3.4. Cubic Congruences Modulo a Prime. Let p be a prime and F(X, Xj, 
Xz) a cubic form with integral coefficients. Reducing F modulo p, we obtain a 
cubic form over the prime finite field F,. This reduction is called non-singular 
if it has no common zeroes with its first partial derivatives in any extension of 
F,,. We can also apply elementary algebraic-geometric ideas to fields of finite 
characteristic. The normal forms are then slightly more complicated. By mak- 
ing a change of projective coordinates and passing to the non—homogeneous 
equation, we can always reduce the equation F’' = 0 to one of the following 
types (Koblitz N. (1987), Serre J.-P. (1968a)): 


1) For p# 2,3: 
y? =a +ax+b (4a? + 276? £0), abe Fy. (3.8) 
2) For p= 2: 
y*? +a;zy +a3y = 2° +azr+b, a,b,a1,a3 € Fo (3.9) 
(there is no need to exclude multiple roots in the right hand side polyno- 
mial here). 
3) For p=3: 


yy=2r+azr*+br+e, a,b,cE Fs; (3.10) 
(here multiple roots are again disallowed). 


The projective curve defined by the respective homogeneous equation al- 
ways has a rational point O = (0: 1:0). 

How many points over F,, that is, solutions of the congruence F’ = 0 mod p, 
should we expect? Clearly, the total number (counting O) cannot exceed 2p+1, 
since every finite x gives no more than two values of y. On the other hand, 
of all the non—zero residue classes, only half of them are squares (for odd p). 
Hence we might expect that 2° + az + b is a square only for about a half of 
the z’s. 

More precisely, let x(x) = (2) be the Legendre symbol (cf. 1.5). Then, by 


definition, the number of solutions of y* = u in F, is 1 + y(u). Therefore, 


Card C(F,) =1+ S- (1+ x(x° + az + b)) 


xeF, 


=p+1+ S~ x(a? + az +b). 
xreF, 


N. Koblitz (1987) compares the last sum with the result of a random walk 
on a line. After p steps one might expect to be at distance roughly ,/p from 
zero. Actually, one can prove the following remarkable theorem (in H.Hasse 
(1937)): 
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Hasse’s Theorem. Let N, = Card C(F,). Then 


[Np — (p+ 1)| < 2. 


An elementary proof of this theorem was given by Yu.I.Manin (1956). 
Since then, both the algebraic-geometric and the elementary proofs have been 


greatly extended. For a review of the elementary methods see Stepanov S.A. 
(1974). 


§4. The Structure of the Continuum. 
Approximations and Continued Fractions 


4.1. Best Approximations to Irrational Numbers. Since V2 is irrational, 
the quadratic form x? — 2y* cannot vanish at integral points (x,y) # (0,0). 
The smallest values taken by this form at such points are 


a? — Qy* = +1. (4.1) 


This is an instance of Pell’s equation, which we discussed in 2.5; we are now 
interested in it because its successive solutions give the best approximations 
to V2 by rational numbers. 


More precisely, a/b is said to be a best approximation to a if 
lba — al < |da —c| 
for all0 <d <b, ac. Every solution to (4.1) can be obtained by setting 


a +V2b = (1+ V2)". 


Table 5 


1,416... 


41 1,4137... 
99 1,141428... 
239 1,414201... 
577 1,414215... 
1393 1,4142132.. 


1,4142136... 
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4.2. Farey Series. One way of finding good approximations is connected 
with a specific procedure for enumerating all the rational numbers between 0 
and 1. Denote by F,, the Farey series of order n, which consists of all such 
numbers in increasing order whose denominators are < n: 


Fn = {a/b |0<a<b<n, (a,b) = 1}. (4.2) 

Table 6 
fee ek 2. ee ee oe ee ea ee 
5 4 3 5 2 5 3 4 5 1 4 3 2 3 212 2 21 «21 ~«1 


Theorem (in Hardy G.H., Wright E.M. (1979)) For every real number a € 
[0,1] there exists a/b € Fy, such that 


1 


lo- 5 < inal) (4.3) 


The proof is based on the fact that if a/b, c/d are neighbours in F,, then 
ad — bc = +1. This in turn can be seen by noting that one can go from F, 
to Fni1 by inserting between a/b and c/d all mediants (a + c)/(b + d) with 
ctd=n+1. 

In this theorem a need not be irrational, so we obtain some information 
about rational approximations to rational numbers with large denominators. 

If a is irrational, this theorem shows that the inequality 


<a (4.4) 


has infinitely many solutions a/b. If a/b is a best approximation, then (4.4) 
follows from (4.3) with n = b. An efficient way of finding best approximations 
is furnished by continued fractions. This tool also allows us to show that for 
irrational @ the following stronger inequality has infinitely many solutions 


1 
V5b? 


4.3. Continued Fractions. (Khinchin A.Ya. (1978), Davenport H. (1952), 
Hardy G.H., Wright E.M. (1979)). For an arbitrary real number a, we define 
a sequence of integers a; and real numbers a; by the following rules: a9 = [al 
(the integral part), a9 = a, Qi41 = 1/(a; — aj), @i41 = [ai4i] (¢ > 0). We 
obtain a continued fraction 


e-< (4.5) 


|< 
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1 
a=agt 


ai + 


ao + 1 


Am + 
Am+1 


which can be written in a more compact notation as 
= [A0; @1,42,.-.;@m, Am+41). (4.6) 
Deleting Q@m41 in (4.6), we get the finite continued fraction 
Cr 10620458 | 


called the m*" convergent of a. The numerators and denominators of the 

successive convergents Cy, = Am/Bm can be calculated recursively starting 

from A_» = B_; =0, A_; = B_2 = 1 with the help of the following relations: 
Apsi =Gn41 Ap + Ag-1, 


(4.7) 
Brit = 0b4+1Be+Br_1 (k = —1,0, 1, og .). 


If a is irrational, then a, 4 0 for all natural m. Convergents of even order 
increase; those of odd order decrease, and both sequences converge to a. The 
limit is denoted as the (infinite) continued fraction 


= [€0}@1,@2,...,Qn,...]. 
This all follows easily from (4.7): first we see that 
ByAr—1 — ApBr-1 = (-1)*, k > 1, 


(4.8) 
Br Ar—2 — Ar Br-2 = (—1)*~* ax, k > 0, 
and then ; 
Ana Ag (-1) 
Bp B B,Br_1’ 
k-1 k tBr_1 (4.9) 


Ar_-2 _ Ak = (—1)*-1a, 
Br-2 ~=By ByBr-2 


From (4.9) one also deduces that every best approximation to a is equal to a 
convergent A,,/Bm, because 


1 


ea < a-— 
Br, ( Bry: za Bm+1) 


(4.10) 


| 2 
Bm BmBm+1 


4.4, SLo-Equivalence. The numbers a,, defined by (4.6) are related to a 
via fractional linear transformations 
Am—10m F Am —2 


SS SS 4.11 
Bm-1Am + Bm-2 ( ) 
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Moreover, the determinants of these transformations are (—1)™ (see (4.8)). In 
general, two numbers related by a fractional linear transformation of deter- 
minant 1 are called SL2(Z)-equivalent. Hence a and (—1)™a,, are equivalent 
in this sense. Conversely, a and 6 are equivalent iff a, = @, for appropriate 
m and n (see e.g. Khinchin A. Ya. (1978)). In particular, all rational numbers 
are equivalent to one another. 


4.5. Periodic Continued Fractions and Pell’s Equation. Consider an infinite 
continued fraction which becomes periodic after a certain place ko, with a 
period of length k: 


= 1063 Otte tends Gkaye 5 Oko tk=1!- (4.12) 
Then from (4.11) it follows that @ is a quadratic irrational number. 


Example. We have 
V3 = [1;1,2,1,2,1,2,...], 


since, denoting by x the r.h.s. continued fraction, we have 


1 
Lao 
that is, 

Qn +27 = 3420 


and, finally, c = J/3. 
The following algorithm efficiently calculates a,, for a quadratic irrational- 
ity a. Let N be square-free, 


a = (Po +VN)/Qo, 
where Po, Qo, N integers such that N — P? is divisible by Qo. Find successively 
Pi41 = aiQ; — P; 
Qitdi = (N - Pi On a= | ee be ae 
Then the P; and Q; are all integers; Q; divides N — Peas and 
eee JN 
Qit1 


In general, P; and Q; do not grow as rapidly as the numerators and denomina- 
tors of the successive convergents. For example, if |Po| < VN,0 < Qo < VN, 
we have for all 2 > 1: 


i411 = 


0<P,<VN,0<Q; <2VN, 
Aj = NB; a (—1)"t*Qi41 
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(cf. Riesel H. (1985), Knuth D.E. (1981)). At the i*” stage, the calculations 
consist of four steps. 


1) Pais We R; (Ro = 0), 
Qisi = (N P21) /Qi (Q- ice =(N- Py )/Qo), 


) 
3) aita = (Pina + [VN])/Qisi], 
) Ry = the residue of Pj41 + [VN } modulo Qi41. 


This algorithm can be ue to calculate efficiently the smallest solution to 
Pell’s equation. In fact, if a2 — Nb? = 1, then we have a? > 14+ N, b? > 1, SO 
that 

a JN 
= — VN| = ——_. 
b IR 


Hence a/b is one of the convergents of VN. 


Example. The smallest solution to x? — 43y? = 1 is x = 3482, y = 531. Its 
calculation by the method described above is protocolled in table 7. 


Table 7 
-2}-ifo |if2 [3 [« |s [6 [7 |e 
: Ge OWT et 
et Tt fst ats] af sf st 4] 5] i 
Q: SERIE EE EET 
Re SST EEE CETERA TEETAIT ETH E 
Ai fo fa | 6] 7] 13] 46] 59 341 400 1541 3482 
ft fof tts] at a] 9] 5] or] 25 | a06 | sar 
At ~ 4383 IERIE 3 
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Chapter 2 
Some Modern Problems of Elementary Number 
Theory 


$1. Factorization and Public Key Cryptosystems 


1.1. Factorization is Time-Consuming. In order to multiply two primes p < 
q given their binary expansions, it suffices to perform C(log q)* bit-operations 
(see 1.1.1). Suppose now that we are given n = pq and are asked to find p and 
q. If p ~ q ~ Vn then the naive repeated trial of all d < ./n would require 
more than 


CJ/n = Cexp (; log 


divisions with remainder. This exponential growth of the running time makes 
the factorization of even rather small numbers unfeasible, at least unless one 
invents more efficient algorithms. For example, consider the factorization 


(107! — 1)/9 = 2415731423936276735 76957439049 x 
4599481 1347886846310221728895223034301839. (1.1) 


With some patience, one can multiply the two numbers on the right hand side 
in an hour or two on a sheet of paper. However, the factorization of the result 
by the trial-and-error method would take about 10° years of running time (if 
one division requires 10~° sec: cf. Simmons G.J. (1979), Peterson I. (1985), 
Wunderlich M.C. (1985)). 

In real life, the factorization (1.1) was first found in 1984 with the assistance 
of a CRAY supercomputer and fairly advanced factorization methods, which 
made this task feasible if not inexpensive. 


1.2. One-Way Functions and Public Key Encryption. We may consider 
the binary expansion of n = pq as a message which can be encoded in many 
other ways, e.g., by giving expansions of p and q. The rules explaining how 
to pass from one form to another from the information-theoretical viewpoint 
can be called enciphering, encryption and deciphering. Experimentally, one 
knows that some functions are easy to compute but difficult to invert (one- 
way, or trap—door functions). It is then natural to try to use these functions 
in cryptography. We recall that cryptography studies problems of information 
handling concerned with keeping and breaking secrecy of messages. One-way 
functions are used in the so called public key encryption schemes, which were 
suggested in the seventies and revolutionized this domain. 

Before explaining the design of one such scheme, we must stress however 
that there are no theoretical lower bounds on computational complexity justi- 
fying our experimental observation that complexity of factorization far exceeds 
that of multiplication. In principle, we cannot exclude the possibility that a 
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very efficient algorithm for factorization (or for inverting any given trap—door 
function) might eventually be found. This is one of the basic problems of com- 
putational complexity theory (cf. e.g. Garey M.R., Johnson D.S. (1979), Co- 
hen H., Lenstra H.W. Jr. (1984), L.Adleman, R.Rivest, and A.Shamir (1978)). 
If, however, we assume this experimental fact, we can use it in order to gen- 
erate new encryption schemes with remarkable properties. 

We shall now describe the first “public key cryptosystem” suggested by 
L.Adleman, R.Rivest, and A.Shamir (1978). 


1.3. A Public Key Cryptosystem. Imagine a system of users U;, U2, U3,... 
From time to time any pair of users may need to exchange messages that 
should remain secret to other users or outsiders. 

In a classical cryptosystem, they should first share keys and keep them 
secret. A public key system avoids this last restriction: secret pairwise com- 
munication becomes possible using only information open to everybody. Such 
a system can be devised as follows. 


a) Every user U; choses two large primes p; and q;, and two residue classes 
e;,d; mod n,, where nj = pig;, such that e,d; = 1 mod y(n,;) where 
y(n;) = (p; — 1)(q; — 1) denotes the Euler function (cf. 1.1.4). 

b) The numbers (e;,7;) are made public for all users. 


We argue that it is unfeasible to calculate d; knowing only (e;,n;), so that 
d; can be considered as a secret known to U; alone. In fact, we shall show 
that an efficient algorithm for calculating d; would also find efficiently the 
prime factorization of n;, which we assumed to be difficult. Suppose that 
we know d;. We then know that y(n;) divides e;d; — 1. If we knew y(n) 
itself then we could easily find p; and q;, since pj + q; = n; + 1 — y(n;) and 


Di - GM = V (pi + G)* — 4n;. One can show that even knowing only a multiple 
of y(n,;) suffices (Miller G.L. (1976), Wagon S. (1986)) to find p; and q. 


c) Suppose that a user U; wishes to transmit to U; a coded message which 
is a sequence of bits. He first breaks this sequence up into blocks of length 
[logy n;], then considers each block as a residue class m mod _n, and finally 
encodes it as the residue class m*i mod n,;. Thus, (n;,e;) serves as the 
encryption key of the j* user (recall that it is common knowledge). 

d) Having received the encoded message, U; decodes any block b mod n, 
by computing 627 mod n ; (recall that he knows the deciphering key d;). 
This is easily checked with the help of Fermat’s little theorem (1.1.4). 


Clearly, the details of such a scheme can be varied ad infinitum. For ex- 
ample, one can devise an authentification procedure (“electronic signature” ) 
which uses a form of a secret message from U; to U; allowing U; to convince 
a third party (a “judge”) that the author of the message is U;, so that it is 
not faked by U; himself. This can be crucial for certain financial transactions. 

Denote by £; the encoding map for messages addressed to U; and by D; his 
deciphering map. Then £; is public domain while D; is U;’s property. For an 
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arbitrary plain message M we have D;(F;(M)) = M and £,(D;(M)) = M. 
The user U; sending his message M to U; uses as his signature S = D,;(M) 
and transmits to U; its encoded version E;(S). In his turn, U; first computes 
S = D;(£;(S) and then M = E;(S) using the public key E;. The addressee 
can convince a judge that M comes from U; because only by applying FE; can 
one transform S into a given sensible message M. On the other hand, the 
addressee cannot fake S since he does not know Dj. 

We shall concentrate now on the number - theoretical rather than the infor- 
mation-theoretical aspects of public key cryptosystems. We shall describe how 
some classical number — theoretical results can be applied to two particular 
problems in this domain. 

Problem 1. How does one produce large primes? 

We want to stress that we really need an efficient method for mass produc- 
tion of “sufficiently random” large primes, in order to allow a user to compute 
(with the assistance of a large computer) his customized pair (p;,q;), and to 
be sure that a different user will get a different pair. 

Problem 2. How does one factorize large integers? 

This problem is crucial for a third party wanting to break the cryptosystem 
and, of course, for the designers wanting to secure its infallibility (cf. Diffie 
W., Hellman M.E. (1976), Kahn D. (1971)). 


1.4. Statistics and Mass Production of Primes. The asymptotic law of the 
distribution of primes (or prime number theorem) is m(x) ~ ; eee 1.1.6). 
We can start then with a naive assumption that if N is not too small with 
respect to x then between x and ++ N there should be about N/ log xz primes. 
For example, if the least prime following z is bounded by z + (logz)™, then 
one can just check successively 7,4+1,x+2,.... The complexity of the prime 
production would then be of the same order as the complexity of the primality 
testing algorithm used. If one can take M = 1, then to produce a prime of 
order about 2! one should first produce a random number z of that order, 
and then test about (log 101°°)/2 = 115 odd integers. If there is a primality 
test for y, which is polynomial in logy, then this is a feasible task. 

We shall discuss in the following subsection efficient probabilistic primality 
tests. 

We should remark however that such absence of large gaps between primes 
is not proved and probably is not even true. All known results on the gaps 
give upper bounds which are powers of X (see Heath ~ Brown D.R. (1988), 
Hildebrand A. (1988), Zagier D. (1977)). We quote some of them: 


7/12 4 
rea) nia) Ee (140 (HE) ). 


Ah 


n(x +2°) — r(x) > C(6) (1.2) 


log x 
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for 6 > 11/20 where C(@) is a positive function. For almost all x, a stronger 


result is known: 


7? 


log x’ 


n(x + 2°) — x(x) > 0.15 


if @ > 1/12. 
For an interesting discussion of large gaps between primes, see Riesel H. 
(1985), p.84 and Zagier D. (1977). 


1.5. Probabilistic Compositeness Tests. Some modern efficient primality 
tests actually check a weaker property connected with the notion of Eulerian 
pseudoprimes (cf. I.1.5). We recall that n is called an Eulerian pseudoprime 
modulo b if n and 6 are relatively prime, and 


per ieS (=) mod n. (1.3) 


nr 


Primes are pseudoprimes modulo every b: this follows from the fact that 
(Z/nZ)* is cyclic (cf. 1.1.5). One readily sees that for composite n, (1.3) 
fails for at least half of the residue classes in (Z/nZ)*. A probabilistic primal- 
ity test based upon this observation consists of checking (1.3) for, say, several 
hundred randomly chosen b. If an n passes such a test it is sometimes called “a 
commercial prime”. Commercial primes are used in public key cryptosystems 
although, strictly speaking, their primality is not established by the test. 

Recently it was found that such a proof could be given if one assumes the 
generalized Riemann conjecture on the zeroes of the Dirichlet L—functions. 
Namely, one can deduce from this conjecture that the validity of (1.3) for 
all b < 2(logn)? implies that n is prime (see Miller G.L. (1976), Wagon S. 
(1986)). To check this property, it suffices to perform O((logn)**®) divisions 
with remainder, for any € > 0. 

This Solovay-Strassen primality test admits some interesting variations, 
e.g., the Miller — Rabin test (see Solovay R., Strassen V. (1977), Miller G.L. 
(1976), Rabin M.O. (1980), Riesel H. (1985), Schroeder M.R. (1984)). It is 
based on the following notion of strict pseudoprimality. Suppose that n is 
pseudoprime modulo }, so that 6"~! = 1 mod _ n. We shall now calculate all 
consecutive square roots of the left hand side, that is, b(°-))/?" fori =1,...,s 
where t = (n — 1)/2° is odd. If n is prime then the first residue class in this 
sequence distinct from 1 should be —1. We shall call n strict pseudoprime if 
either b© = 1 mod n or for some 0 < r < s we have 


b?°*§ =-1 mod n. (1.4) 


The Miller-Rabin test consists of checking this property for a set of ran- 
domly chosen 0b. 

In the next section, we shall describe some deterministic primality tests sug- 
gested by Adleman, Pomerance and Rumely (1983) and developed by Lenstra 
and Cohen (Lenstra H.W. Jr. (1980), Vasilenko O.N. (1988)). They have 
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subexponential running time, and the proofs that they work do not utilize 
any unproved conjectures. 


§2. Deterministic Primality Tests 


2.1. Adleman—Pomerance—Rumely Primality Test: Basic Ideas. There are 
two main variants of this algorithm (see Adleman L.M., Rivest R.L., Shamir 
A. (1978), Lenstra H.W. Jr. (1980)): a simpler, probabilistic version, and a 
deterministic one. Its running time is bounded by 


log nc log log logn 

where c is an effective constant. The power in this expression grows so slowly 
that this bound can be considered “almost polynomial”. All previously known 
deterministic primality tests had exponential running time (e.g., Pollard’s test, 
described in Pollard J.M. (1974), Riesel H. (1985), requires about 


1 
nst€ = exp ((; + | log 
operations). 


The algorithm consists of the following steps. 


a) One checks a series of conditions generalizing the congruence (1.3) for 
the Jacobi symbol. If n fails to satisfy any of these conditions, then it is 
composite. 

b) If n passes the first stage, the test furnishes a small set of integers con- 

_ taining all divisors r of n not exceeding ,/n. It remains to check whether 
n is divisible by at least one element of this set. 

c) The set of potential divisors r is determined by specifying their residue 
classes modulo an integer s > ,/n, which in turn is a product of several 
distinct primes q. In view of the Chinese Remainder Theorem (cf. 1.1.4), 
it suffices to specify r mod q for all q dividing s. 

d) Every q dividing s satisfies the following condition: g — 1 is a product of 
several distinct primes taken from a fixed set {po,..., px}. These primes 
are called the znitzal primes, and the q are called the Euclidean primes, 
because they are constructed by the method used in Euclid’s proof that 
the set of primes is infinite: 


q=1+po°pt*...py*, A =O or 1. 


To estimate the running-time, one has to use a hard theorem from analytic 
number theory (Prachar K. (1957)) which guarantees that even for a small 
set of initial primes, the product of all Euclidean primes generated by them 
can be large. More precisely, given n, one can determine a set of initial primes 
{po,..-,;Pk} whose product t is bounded by 
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k 
t= NE < log(n@ loslosloen) (n > e®), (2.1) 
i=0 


whereas the product of the corresponding Euclidean primes is bounded from 
below by 


ss I] g> vn, (2.2) 


(q—1)|t 


where co is a computable positive constant. Notice that in this situation the 
number of Euclidean primes is bounded by 7(t+1) < t+1. For any n < 10°°° 
one can take t = 2-3-5-7-11-13-17-19. 


e). To determine r mod gq, one actually calculates the discrete logarithms 
ind(r, g,q) of all possible r with respect to a fixed generator g of (Z/qZ)*. 
These logarithms are in turn determined by their residue classes ind(r, g, q) 
mod p; where p; runs over all initial primes. Again, this follow from the 
Chinese Remainder Theorem. 


We shall now describe the algorithm in more detail. 


2.2. Gauss Sums and Their Use in Primality Testing. For an odd gq, the 
Euler criterion (2) = q‘"-))/? mod _n can be rewritten in the form 


(*) = (Ayr tgs mod n, (2.3) 


which gives a formula for calculating the quadratic residue symbol of n modulo 
q. In the algorithm we discuss here, one uses generalizations of this formula 
to arbitrary p“” power residue symbols for initial primes p. In order to explain 
these generalizations, we must introduce Gauss sums, which were initially 
used in one of Gauss’ proof of the quadratic reciprocity law (cf. below). 

One calculates the number of solutions of a congruence z? = a in (Z/qZ)* 
with the help of the Dirichlet characters of order p modulo q, that is, the 
homomorphisms yx : (Z/qZ)* — C*. Every such character is defined by the 
image exp(k.277/p) of a generator g of (Z/qZ)*. The number of such charac- 
ters is p if p divides gq — 1, and 1 otherwise. If g is prime, we have 


Card{x € (Z/gZ)*|x? =a}= S~ x(a). (2.4) 


x|xP=1 


In particular, for p = 2 this is 1 + (z). The sum in the right hand side of 


(2.4) vanishes iff y(a) # 1 for some y. This happens only if p|(q — 1) and a is 
not a p' power modulo g. If p does not divide q — 1, both sides are equal to 
1. Finally, if p|(q— 1) and a is a p*® power, both sides are equal to p. 

One way to understand Gauss sums is to view them as discrete analogues 
of the gamma function I'(s), which for Re(s) > 0 is given by the integral 
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©. @) 
I'(s) = / envy (2.5) 
0 Y 

Here the integrand is the product of an additive quasicharacter of R (the 
homomorphism y +> e~¥) and a multiplicative quasicharacter y + y* of R{. 
One integrates this over the positive reals with respect to the multiplicative 
invariant measure oa 

In order to get a Gauss sum, one should replace here R by Z/NZ for some 
N > 1; e~¥ by an additive character Z/NZ — C* : y+ (x, Cw = exp (22), 
and y® by a multiplicative character x : (Z/NZ)* — C%. A Dirichlet character 
x : Z — C corresponding to x and denoted also x is defined by y(a) = 
x(a mod N) for (a, N) = 1 and by x(a) = 0 for (a, N) > 1. The Gauss sum 
G(x) is, by definition, 


G(x) = > x(a) (2.6) 


N-1 
Ga(x) = >> x(x) CH 


Since the formulae (2.5) and (2.6) are obviously similar, they define functions 
with many similar properties. 

To state them, we need the important notion of a primitive Dirichlet char- 
acter. A character x is primitive modulo N if it is not induced by a character 
modulo M for any proper divisor M of N. Equivalently, the restriction of y to 
any subgroup Hy = ((1+ MZ)/(1+ NZ))* is non-trivial. If y is primitive, 
we have 


Ga(x) = X(@)G(x) (a€ Z), (2.7) 
G(x) = x(-1)G(X), (2.8) 
IGX)P = N. (2.9) 


Property (2.7) corresponds to the integral formula 


a en ays Y =a “I'(s) (Re(s) > 0), 
0 Y 


and (2.9), rewritten in the form G(x)G(x~!) = x(—1)N, corresponds to the 


functional equation 
7 


I'(s)I'(—s) = 


 ssin7s’ 
From (2.7)-(2.9) one readily deduces the quadratic reciprocity law. Let us 
prove, for example, the main formula 


(<) (4) = (-1)5 (2.10) 
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where | and q are odd primes. Notice first that the quadratic residue symbol 


x(a) = @ is a primitive Dirichlet character modulo qg. The corresponding 


quadratic Gauss sum G(x) is an element of the cyclotomic ring of algebraic 
integers R = Z[C,]. In any commutative ring the congruence (a + b)! = a! + 
b' mod IR holds because the binomial coefficients C} are divisible by | for 
i=1,2,...,1—1. Since y!(a) = x(a) = £1, we have 


G(x)! = Gi(x') mod IR, Gi(x') = x()G(x), 


so that 
G(x) t= (<} mod IR. (2.11) 
On the other hand, x = X, and from (2.9) it follows that 
a4 
G(x)? = x(-1)q = (-1)7 4. (2.12) 


i—1 


Representing the left hand side of (2.11) as G(x)*7_we obtain 


@itwearn es (<) mod IR. (2.13) 


give (2.10). 
For Z/NZ, there is also an analogue of the beta-function 


1 
B(s,t) = : g®*(1 —2)*" dz = 
0 


[. aoe (Re(s), Re(t) > 0). 


It is called the Jacobi sum depending on two Dirichlet characters x,y mod N. 
By definition, 


Jnovy= S> x(xol-2)= S> x(y)(xd)(1+y). (2.14) 


xmod N ymod N 


(The equality of these two expressions can be established by the change of 
variables y(1—z) > 2,2(1+y)r y). If x,y, and yw are primitive modulo 
N, we have 


I(x, ¥) = G(x)G(v)/G(xv) = Jv, x), (2.15) 


which corresponds to the classical identity B(s,t) = I(s)I'(t)/I'(s + t). In 
fact, let us calculate the product 
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G(X)Gb) = S> x(a)CRGW)= S> xvl(x)cRrv(x)G(y). (2.16) 


xmod N xmod N 


Applying (2.7), we get 


so that (2.16) becomes 


S> (x(a? = SS d(y)Gr4y(xv) = 


x,ymod N ymod N 
Yd, VUxd)(1 + VE(xd) = IY, xX)G(x¥). 
ymod N 


We now establish some congruences useful in primality testing. Let p and 
q be primes, p|(q—1), x a Dirichlet character of degree p modulo g. Choose a 
generator t = tg of (Z/qZ)* and put np = x(tq). This is a primitive p‘” root 
of unity, and G(y) € R = Z[¢,,¢,] = Z[¢p,]. Now let | be a prime distinct 
from p and q. From (2.7) one deduces that 


G(x)! = x(I)7'G(x') mod IR. (2.17) 
Iterating this p — 1 times, we obtain 
G(x)? = x(D-P G(x") mod IR, 


so that - 
G(x)" -} = y(1)7} mod IR, (2.18) 


because 1?-! = 1 mod _ p. Now (2.18) can be rewritten in the form 
(G(x)?) "D/P = X() mod IR 


which generalizes the formula (2.13). 
It is important that G(x)? belongs to the smaller ring Z[¢,] (for p = 2, this 
is just Z). Moreover, it can be expressed via Jacobi sums: for p > 2 we have 


G(x)? = x(- aT] 00x) ; (2.19) 


To prove this identity, it suffices to multiply termwise the formulae 


G(x)G(xt _ 
OES = Tox!) ($= 1,2)---4P=2) 


taking into account (2.8) in the form G(x?~*)G(x) = G(X¥)G(x) = x(—-Lg. 
One uses (2.19) in conjunction with a congruence due to Iwasawa (Iwasawa 
K. (1975), Theorem 1): 
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J(x*,x°) = —1 mod (A)’, 
where (A) = (1 — G,) is a prime ideal of Z{¢,|. Therefore, 
G(x)? = —x(—1)q mod (A)?, (2.20) 


which becomes an exact equality for p = 2. 


2.3. Detailed Description of the Primality Test. 


a) Inthe preliminary stage (cf. 2.1 d), one calculates the number t = eae Di 
which is the product of the initial primes satisfying (2.1) and (2.2): 


t < logn2losloglogen gs — I] qg> vn. 
q.q—1|t 


As we have already mentioned, for n < 10°°° we can take t = 2-3-5-7- 
11-13-17-19. In general, to find t one uses a trial-and-error method, 
and the primality of the Euclidean primes is tested by the primitive case— 
by-case check. Since each gq is bounded by t+ 1, and the number of q’s 
is bounded by a(t + 1) < t+ 1, this preliminary stage requires no more 
than log n°3 8 !eg!eg” operations, with an effective positive constant c3. 
At this stage, one should also check that (n,s) = (n,t) = 1 (otherwise n 
is composite, and the algorithm stops). 

b) The necessary conditions of primality, essentially of the type (2.18), are 
then checked for every pair p,q with p|(q —1),q|s, and every Dirichlet 
character x mod q of degree p. It is convenient to fix p and vary q. For 
each q, one calculates a generator t, of (Z/qZ)*. The Dirichlet charac- 
ters correspond to primitive roots of unity np). The primality condition 
corresponding to (p,q, x) is 


G(x)” 7} = n(x) mod nR, (2.21) 


where 7(x) is a p** root of unity (for prime n, n(x) = x(n), in view of 
(2.18)). To check (2.21), one expands the left hand side with respect to 
the Z—basis of R = Z[|¢,,¢,| and compares it with the right hand side 
coordinate—wise. 

c) If all the congruences (2.21) hold true, one calculates a set containing 
virtual prime divisors r of n not exceeding ./n. We shall first explain how 
this is done in the simplest case when n?~! — 1 is not divisible by p? for 
any p. Then we have simply 


r =n'(mod s) for some i € {0,1,..., t}. 
In fact, if rjn, put 
l(r) = (r?-* —1)/(n?~* — 1) mod p,ly(r) € Z/pZ. (2.22) 


Then the following homomorphy property holds: 
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L,(rr’) =lp(r) + lp(r’), lp(n) = 1. (2.23) 


If r is prime, it follows from (2.18) that 


G(x)" = x(r)7! mod rR. 


Let us write (r?-! — 1)/(n?-! — 1) in the form a/b where b = 1(mod p), 
so that l,(r) = a(mod p). From (2.21) and (2.22) it follows that 


x(r) = x(r)> = G(x) YD = G(x)? *-D = n(x)* mod rR, 


and finally 

x(r) = (x)? (7 > 2). (2.24) 
The additivity property (2.23) then shows that (2.24) holds for all divisors 
of n, not only the prime ones. In particular, for r = n, we find n(x) = x(n), 
because [,(n) = 1. 
Summarizing, we established, that if n?-! — 1 is not divisible by p’, then 
for any triple (p,q, x) we have 


x(r) = x(n), 


so that r= n'* mod q where i =1,(r) mod p for all p. 

In general, we have n?-! —1 = p™u, h > 1, p does not divide u. The 
calculations become longer, but the running time is still bounded by 
log nc logloglogn for a possibly larger constant c. Again, for every triple 
(p,q, xX) we have the congruence (2.21): 


G(x)?" = n(x) mod nR, h = h(p,q,x) > 1. 


Let us define w(x) as the smallest i € {1,2,...,h} such that G(y)? ¥ 
is congruent to a power of ¢, modulo nF. If w(x) = 2, the number 
G(x)P?" = (G(x)?)P””* belongs to the ring Z[C,] with the Z—basis 
{1,¢p,...,¢P-?}. At this stage, one must check the following auxiliary 
condition: 


for every j € {0,1,...,p—1}, at least one 
of the coef ficients of 
G(x)" — Gs (2.25) 
with respect to this basis is relatively prime to n. 


If this assertion is wrong, n is composite, because it has a non-trivial 
common divisor with one of the coefficients. Otherwise, one can prove, 
as above, that r?-! = 1(mod p’‘*)) for all r|n, and that for all triples 
(p,q, X) with a given q one has 


x(r) = y(v”) for a certain i € {0,1,...,t}, (2.26) 
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where vy mod q is the uniquely defined residue class for which 
w(x)u 
x(v) = 1'(x), n(x) = G(x)? ~~ mod nR. (2.27) 
One can also determine the root of unity x(v) € Z|¢,] using Jacobi sums 
(Lenstra H.W. Jr. (1980)). Choose a,b € Z such that 


p does not divide ab(a + b), p? does not divide ((a + b)? — a? — bP) 


(e.g.. a = b = 1 for p < 3.109, p # 1093, 3511). Using (2.19), one can 
prove then that 
v(x) = —J(x, x”) mod nZ [6]. 

e) We must now synthesize all the calculations to obtain a residue class 
vy modulo s such that every potential divisor rjn,r < ./n, satisfies a 
congruence r = v+ mod s for some 0 < i < t. In view of the Chinese 
Remainder Theorem, it suffices to determine for every q|s a power k such 
that vy = ts mod q. To this end, we choose for every p|(q — 1) a character 
x with y(t) = Cp. From (2.27) it follows that x(t%) = ¢F = n'(x), which 
defines k mod p and finally vy mod s. 

f) It remains to check whether one of the numbers r; defined by 


r,;=v'mod s, 0<17j4<s, 0<i<t, 
actually divides n. 


A number n which passes all these checks is prime. In practice, this al- 
gorithm is quite fast (Cohen H., Lenstra H.W. Jr. (1984), Vasilenko O.N. 
(1988)). 

Primality testing can often be speeded up by the following elementary 
observation. If s is a square-free divisor of n — 1, and if for every q;|s there 
exists such an a; € (Z/nZ)* that 

ged (al? )/ a —1,n) =1, a?! =1 mod n, (2.28) 
then each prime divisor p of n is congruent to 1 modulo s. In fact, from (2.28) 
it follows that the order of a("—))/% in (Z/pZ)* is equal to q;. Since q;|(p—1), 
we have s|(p — 1). In particular, if s > \/n, then n is prime. Of course, to 
apply this observation, one must know a sufficiently large divisor s of n — 1. 

A variant of this idea is used in some new primality tests due to Lenstra 
(jr.), Goldwasser, and Killan (see Goldwasser S., Killian J. (1986), Schroeder 
M.R. (1984), Vasilenko O.N. (1988)). This trick was also used in a proof that 
Rio31 is prime (Williams H.C., Dubner H. (1986)), where R, = (10 — 1)/9. 
For lesser values of n, only Ro, Rig, Ro3, and R317 are prime. A very nontrivial 
prime decomposition of R7; was given in 1.1.*) 


*) A new general primality test of Atkin-Morain works for numbers with 1505 digits 
and has probably polynomial time. Its basic idea is to use the group of points on 
elliptic curve instead of cyclotomic fields (footnote by H. Cohen). 
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3.1. Comparative Difficulty of Primality Testing and Factorization. Let n > 
1 be an integer. The problem of finding integers a,b > 1 with n = ab can be 
divided into two steps: first, to establish their existence (this is solved by any 
primality test), second, to find them explicitly (factorization). In practice, the 
primality test described in section 2 does not give a concrete divisor of n. 
In fact, when n fails such a test, it usually fails already one of the necessary 
conditions in 2.3 b), so that the algorithm stops before we come to the stage of 
calculating potential divisors. Therefore, this algorithm factorizes only primes 
and those n which admit small divisors, namely, divisors of the numbers s 
and t, defined in sec. 2. 

As we mentioned in sec. 1, an efficient factorization algorithm could be used: 
for breaking a standard public key cryptosystem. For this reason, factorization 
has become an applied problem, attracting considerable effort and support 
(Peterson I. (1985), Simmons G.J. (1979), Koblitz N. (1987)). However, the 
running times of the best known factorization algorithms do not allow one 
to factorize a product n of two 150-digit (decimal) primes. The theoretical 
bound for this running time is of order 


L = exp (4/ $ log n(log log n)? ), (3.1) 


for several algorithms based on different ideas, and for a 250-digit n they 
may require billions years. This made Odlyzko ask whether we now see the 
actual level of difficulty of the factorization problem or whether we are just 
overlooking something essential (Peterson I. (1985)). 

Anyway, the recent progress in factorization of some concrete large integers 
(Wunderlich M.C. (1985), Wagon S. (1986)) relied more on the new hardware 
or parallel computation schemes, than on the discovery of conceptually new 
algorithms. Still, the progress is clearly visible in figure 10 taken from Peterson 
I. (1985)*), on which the following achievements are marked: 


1) The factorization of the seventh Fermat number Fy = 2}78 +1, performed 
by Morrison and Brillhart on IBM 360/91 (1975). 

2) Factorization tables of integers b” +1 (Brillhart J., Lehmer D.N., Selfridge 
J.L., Tuckerman B., Wagstaff S.S. (1983)) prepared for publication in 
1980-81. 

3) The quadratic sieve method, suggested in 1982 (see Pomerance C. (1982)) 
and later implemented on CRAY-1 at Sandia National Laboratories, Al- 
buqerque, New Mexico, USA. This method made accessible for factoriza- 
tion numbers with 57 decimal digits. 

4) 'The enhanced quadratic sieve method (1983, Davis and Holdridge), imple- 
mented on the same computer, made it possible to factorize the “difficult” 


*)Figure 10 is out of date. More recent records: factorization of Fy = 2°! + 1 (155 
digits, 3 factors with 7, 49, 99 digits) using several hundred work stations during 
several months. Factorization of Ms23 (158 digits). (See Cohen H., 1993). 
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Fig. 10 


divisors of 3128 + 1, 2753 — 11064 + 1, 3/2441, comprising 53, 55, 55, and 
58 digits respectively (these difficult divisors were found after factoring 
out all primes less than 2°°, see Peterson I. (1985)). 


5) In 1984, CRAY X-MP factorized the 71-digit number (107! — 1)/9. The 
computation took 9.5 hours. Simmons, Davis, and Holdridge implemented 
an algorithm devised for the factorization of “random” integers of that 
size (Simmons G.J. (1979)). 


6) The further progress in factorization of 80-digit and larger integers was 
expected with the advent of the new generation of supercomputers like 
CRAY-2 (USA), Fujitsu VP-200, and NEC SX-2 (Japan), see Peterson I. 
(1985). 


For special integers, factorization may be performed with the help of special 
tricks and educated guesses; this happened to Fg = 27°41 and 275? — 
1 (Brillhart J., Lehmer D.N., Selfridge J.L., Tuckerman B., Wagstaff 5.5. 
(1983)). Both amateurs and professionals are tempted by this “hunting big 
game” as D.N.Lehmer once put it (Lehmer D.N. (1933), Williams H.C. (1978), 
(1984)). 


Using the estimate (3.1), Rivest, Shamir, and Adleman calculated in 1977 
the running time of the factorization of random integers as a function of the 
number of digits, for the computers available at the time. Now a 75-digit 
integer can be factorized in several hours, but this 2-3 orders of magnitude 
acceleration is still insufficient for breaking the public key code cryptosystems. 
In fact, we can generate 100-digit primes since the primality testing of such an 
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Table 8 


Number Number of 
of digits operations 


3,9 hours 
75 104 days 
100 74 years 
200 3,8 - 10° years 
300 4,9-10'° years 


500 4,2- 107° years 


integer requires only a few minutes, whereas the factorization of a 200-digit 
number is still out of the question.*? 


3.2. Factorization and Quadratic Forms. If n = x? — y*, then x — y is in 
most cases a non-trivial divisor of n. This simple remark leads to the “Fermat 
factorization algorithm” which generally requires O(n!/?) operations but is 
more efficient if n is a product of two numbers t, s with a small difference. 
Then n = x? — y* where z = (t + s)/2, y = (t — s)/2. The algorithm consists 
of calculating x? — n for x starting with [,\/n] + 1 until a perfect square is 
found. Similar considerations can be useful in other problems (Brillhart J. 
(1981)). One can also generalize this trick and use other quadratic forms in 
factorization algorithms (Koblitz N. (1987), Riesel H. (1985)). 

Consider an imaginary quadratic field Q(,/—n). Let n be square-free. De- 
note by Cl(A) the ideal class group of this field (cf. 1.2.8 and IT.2.2). The ele- 
ments of this group may be identified with the classes under Z-equivalence of 
the primitive, positive definite quadratic forms f(z, y) = ax? + bry + cy? with 
negative discriminant A = b? — 4ac, where A = —n ifn =3 mod 4, A= —4n 
ifn =1mod 4. (Here we assume n to be odd). Denote by a = (a,b,c) such 
a form. We shall call a ambiguous if it belongs to one of the types (a, 0,c), 
(a,a,c) or (a,b,a) (Gauss C.-F. (1966), Shanks D. (1985)). The discriminant 
of an ambiguous form has the explicit factorization: —A = 4ac (resp. a(4c—a), 
(2a — b)(2a+ b)) for a = (a,0,c) (resp. (a,a,c), (a,b, a)). One easily sees that 
a converse statement is also true (Borevich Z.I., Shafarevich I.R. (1985)): a 
factorization of A of this type determines an ambiguous form. On the other 
hand, there are independent methods for constructing ambiguous forms which 
are based on the following property: they represent elements of order two in 
the class group Cl(A). In 1971 D.Shanks devised a rather fast aigorithm al- 
lowing one to factorize n in O(n!/4) operations and to determine the structure 
of the group Cl(A). This method uses the analytic formula due to Dirichlet: 


th(A) 


VI4I 


*) These figures and Table 8 are out of date (see above and Cohen H., 1993 (footnote 
by A. Panchishkin)). 


L(1,xa) = (h(A) = |Cl(A))). 
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Here ya(m) = (4), and L(1,xa) is the value at s = 1 of the Dirichlet 


L-function 
L(s, x) = D3 x(m)m-* = |] — x(p)p7*)7 
p 
The approximate pechiilee 
h(a < Hs 
a) 


is valid with a relative error < 0.1% for P > 132000. The elements of the class 
group are constructed with the help of small primes p such that (4) == J, 


They are represented by the forms F, = (p, Bp,Cp) whose coefficients satisfy 
the discriminant relation A = Be - 4pC, and are found from the condition 
A = B* mod p. Knowing the lace number h(A) = |Cl(A)|, we can construct 
the second order elements starting with x = Fy, calculating its maximal odd 
power dividing h(A), and then consecutively squaring in Cl(A) until we get 1. 


3.3. The Probabilistic Algorithm CLASNO (Pomerance C. (1987), Sey- 
sen M.A. (1987)). Recently the idea of using Cl(A) in factorization al- 
gorithms has been considerably improved. In the new algorithm, one by- 
passes the calculation of h(A), and the running time is estimated by L = 
exp(./log n. log logn), which grows slower than any positive power of n. As- 
sume first that the prime divisors of h(A) are small, or, rather, that h(A) 
divides k! for a small k. Take a random element x € Cl(A), say, x = F, for 


some p with 4 = 1 and calculate B, = 1°44 Power of KF! Then an element 


of order 2 should be contained in the sequence of consecutive squares of By. 
We need not know the exact value of k; we just hope that some small k will 
do. If we succeed, we factorize A in O(k) operations. If we fail, we can try the 
same trick for the field Q(./—an) where a is a small square-free number. 

In order to justify this procedure in general, one assumes that for variable 
a, the class number h(A,) of Q(.,/—an) behaves like a random number varying 
in a neighbourhood of ay, 2 (this estimate follows from the Dirichlet formula). 
One can then estimate the probability that h(A,) will be composed of only 
small primes. To this end, denote by ¥(z, y) the number of natural numbers 
< x not divisible by any prime > y (they can be called “y-smooth”). Put 
k = L%, a > 0. The probability that a random number of order n}/? is 
L*-smooth is W(n'/?, L*)/n'/2. We must now understand the behavior of 
W(x, y)/y. Dickman (cf. in Hildebrand A. (1986)) has shown that this depends 
essentially on the value of logz/logy. Namely, for every u > 0 the limit 
limy—oo Y(y", y)/y” exists. This limit is called the Dickman function p(u) 
and is uniquely defined by the following properties: 


for 0 <u<1l, p(u) = 1, 
p(u — 1) 


for u > 1, p’(u) = — - 
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At u = 1, p(u) is continuous. As u — oo, p(u) = ul-1+°C))", De Bruijn (de 
Bruijn N.G. (1951)) proved that 


Y(y",y) = y"p(u) (: +O. (“eee ) : 


where y > 2,1 <u < (log y)?/5~€ with a positive e. 
In our case, however, L® grows slower than any positive power of n so that 
Dickman’s theorem is not applicable. The necessary estimate has recently 


been obtained: 
W(ni/?, L) = lt LS elre): 


For more details, see Hildebrand A. (1986). 

Returning to the factorization algorithm under discussion, one sees that its 
running time for a given k = [L@] is bounded by L® and the probability of 
success is about L~!/4¢. Hence the total number of attempts should be about 
L1/4e, and the total running time will be bounded by Let+@/4%)+€ ¢€ > 0. 
This estimate is minimized by choosinga = 1/2 (i.e. k = L'/?), and the result 
is then L1t€. Of course, theoretically we may get stuck on an especially bad 
n, but this is quite improbable. 


Let us illustrate the estimate ~u “ when u is much smaller than 


x 
W(x, y) 
y (for a simple proof of this see Koblitz N. (1987), p. 137). For example, take 
y = 10° (so that m(y) = 7.104 and logy = 14) and xz = 10*8. Then the fraction 
of natural numbers < x which are products of primes < y is about 1/24. . 


3.4. The Continued Fractions Method (CFRAC) and Real Quadratic Fields 
(Koblitz N. (1987), Wunderlich M.C. (1985), Riesel H. (1985), Williams H.C. 
(1984)). Improving the Fermat factorization method, let us try to seek so- 
lutions x, y of the congruence z? = y* mod _ n such that z is not congruent 
to ty mod n. Then gcd(z + y,n) or gcd(x — y, n) is a non-trivial divisor of 
n because n divides (x + y)(x — y) but neither x + y nor x — y. Let us look 
for x among products of such numbers x; that the residue x? mod _ n with 
the smallest absolute value is a product of small primes. Then y will also be 
a product of these primes. More precisely, consider a set B = {pj, po,.--, Dn} 
all of whose elements are primes, except possibly p; which can be —1. Let us 
call such a set a factorization basis for n. We shall refer to any integer b such 
that the residue of b? mod n with the smallest absolute value is a product of 
(powers of) elements of B as a B-number. Let x; be a family of B-numbers, 
Ay = [Tj p;*’ the respective minimal residues of x? mod n. Put 


h _ 
€, = (€:1, €i2,.--,€in) € Fg, where €;; = a;; mod 2. 


Suppose that the sum of vectors €; vanishes mod 2. Put 


x =| | x; mod n, y= |[2;’, 
i 
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where : 
: han 2 d i5- 


Then x? = y* mod n. 


Example (Koblitz N. (1987), p. 133). Let n = 4633, B = {—1,2,3}. Then 
X1 = 67,29 = 68,23 = 69 are B-numbers, because 


67° = —144 mod 4633, 687 =—9 mod 4633, 59% =128 mod 4633. 


Moreover, €; = (1,0,0),€2 = (1,0,0),€3 = (0,1,0), so that we can put rz = 
£129 = 67.68 = —77 mod 4633, c = 272373 = 233% = 36. Besides, —77 is not 
congruent to +36 mod 4633. Summarizing, we obtain a non-trivial divisor 
41 = gced(—77 + 36, 4633) of n = 4633. 

Of course, if we are unlucky, it may happen that z = ty mod n. Then 
one should choose a new 2; or even a new B. An efficient method for seeking 
B-numbers utilizes continued fractions of real quadratic irrationalities. Let 
x > 1 be a real number, x = {ao,aj,...| its continued fraction expansion. 
Put A;/B; = [ao,a1,...,a;|. These convergents can be calculated from the 
relations A_yz = B_; = 1,A_; = B-2 =0 and A; = a;A;_-1 + Aj-2, Bi = 
a;B;_, + Bj-2. From the relation 


Ai Aisi _ _1)it1 ‘ 
B; Bia1 BiBis1 
it follows that 
|A? — 2? B?| < 22, (3.2) 
because 
A; A; 1 1 
pC oY) em oy ay ese pce B?—— | 22 + —— }. 
JA; — 2°B;| * 1B; af Bo * By Bo EBB 


In particular, we can find the continued fraction expansion of x = ,/n with 
the help of the algorithm described in Chapter 1, sec. 4, and a; form a periodic 
sequence. Since A? = A? — nB? mod _ n, (3.2) shows that the absolute value 
of the smallest residue of A? mod n is bounded by 2./n which can help in 
looking for B-numbers. However, A; quickly become large even with respect 


to n, and to facilitate the calculation of A? mod n one can use the congruence 
A?_, = (-1)'Q; mod n, (3.3) 


where Q; is the denominator of 2; = (./n + P;)/Q;, of A? mod n, that is, 
Jn = [ao, Q1,Q42,..-. pig De): 
In fact, applying formally the recurrence relations to ./n we get 


—  Apeite t+ Aire — Aj-i/n+ PiAi-1 + QiAi-2 
fincas eo . Ge ee 
By-1%,+ Bi-g  By-1./n + P,By_-1 + QiBi-2 
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Comparing the coefficients at 1 and ./n, we obtain 


Q;Aj-2 + PiAj-1 = nBj-1, 
Q;Bi-2 + P,By-1 = Aj-1. 


Solving this for Q;, we see that 


(A;-2Bi-1 — Ai_-1 Bi_-2)Q; = nB?_, — A?_,. 


But the coefficient at Q; equals to (—1)*~!. This proves (3.3). Recall also that 
P;,Q,; can be calculated using a very efficient algorithm which we restate in 
a slightly changed form. Let 29 = (Pp + /n)/Qo be a quadratic irrationality, 
with Qo dividing n — P?. Put 2; = (P; + /n)/Q;. Then 


Pyro = aiQi — P; a; = [Pi + /n/Qi], (3.4) 
Qitt = Qi-1 + (Pi — Pigi)ai. (3.5) 
This follows directly from 2341 = 1/(x; — a;), or 
P,+Jn ee Qist 
AF ‘Pit Vn 


If this method does not provide us with the required amount of B-numbers, 
we can repeat the calculations with an instead of n where a is a small square- 
free number. The number of operations required is estimated by 


LV3/2 = exp ($n ogtg 


(compare with 3.3), and the practical efficiency of this algorithm was demon- 
strated by its application to the Fermat number Fy, = 2/28 — 1 (Morrison 
M.A., Brillhart J. (1975), Williams H.C. (1984)). 

Let us describe also an elegant algorithm SQUFOF due to Shanks which 
is also based upon the arithmetic of real quadratic fields (Riesel H. (1985), 
Williams H.C. (1984)). It consists of two stages. 


1) Put ro = Vn, that is, Po = 0,Qo = 1 in the formulae (3.4), (3.5). 
Calculate zm until we find an odd integer m such that Q,,-1 = t? for 
some natural t. From (3.3) it follows that A2,_. = t? mod n. Presumably, 
one can then find a divisor of n with the help of the Euclidean algorithm 
as gcd(Am—2 + t,n). In practice, however, Am—2 is usually too large to 
be calculated directly, so that one changes tactics. 

2) Put Py = Pm, Qo = t,Zo = (Po + Vn)/Qo and calculate the tails of the 
continued fraction expansion of Xo, I; = (P, + J/n)/ Q;. We perform this 
until we find such %, that P, = P,+1. From (3.4) and (3.5) it follows, that 


GigQq = 2P,, Qq divides n — ioe 
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Hence either Qa: or Qq /2 divides n. If this divisor is trivial, one should 
again replace n by an for a small a and repeat the calculations. Using a 
calculator for factorizing a number < 10°, it is convenient to write the 
intermediate results in a table. Table 9 illustrates the course of calcula- 
tions for n = 11111 = 41.271. In general, q is about m/2 (in our example, 
m = 7,q = 4. The algorithm is based on the fact, that the fractional ideal 
(1, Zo) is of order two in Cl(4n), and on the second stage we calculate the 
corresponding ambiguous form in disguise. The number of operations is 
estimated by n!/4. 


Table 9 


rote] = pep =] 
Ps [oe for fa fof 


Since 


P 82+ 711111 24 V11111 
aaa 


41 ~ Al 


the ideal (1,%4) corresponds to the ambiguous form (41,0,-11111/41), or 
(41,0,-271), with the discriminant 4n. 


3.5. The Use of Elliptic Curves. The general idea of utilizing the calcu- 


lations in a finite group (such as class group) in order to factorize n found 
unexpected implementations using groups of different types. 


a) 


Pollard’s (p — 1)-method. Suppose that n has such a prime factor p that 
the order of (Z/pZ)* is “smooth”, that is, p — 1 divides k! for a not 
too large k, say, k < 100000. Then we can proceed as follows: calculate 
consecutively a; = 2% — 1mod .n using the recursive relation a’t! = 
(a; + 1)*+! — 1 mod n and find gcd(ax,n); it will be divisible by p in 
view of Fermat’s little theorem. This will fail if there are no pin with 
smooth p — 1 (Pollard J.M. (1974)). For a change, one can try to use the 
multiplicative groups of fields F,- of order p” — 1. For r = 2, we obtain 
the Williams p + 1-algorithm (Williams H.C. (1982)). 

Much wider perspectives of varying the finite group in the factorization 
algorithms are opened by elliptic curves over finite fields. Their use leads 
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to one of the fastest known factorization algorithms requiring O(L'**) 
operations (Lenstra H.W. Jr. (1987)). 


Choose a random elliptic curve [ and a point P on it. To this end, choose 
random integers a,2o,yo and put b = y% — 422 — azo, P = (29, yo). Then 
P = (20, yo) is a point on the curve defined by the equation 


| ke y*? =4a2 +axr+b 


(cf. 1.3.3). It is an elliptic curve over Q, if the right hand side cubic polynomial 
has no multiple roots. We may also assume that the discriminant of this 
polynomial is relatively prime to n; otherwise we either get a non-trivial 
divisor of n, or must change the curve. 

In the projective plane, J’ is determined by the homogeneous equation 


Y°Z =4X94+0XZ°4+ 2° (X =2Z,Y =yZ). 


Reducing it modulo a prime p, we obtain an elliptic curve over F, = Z/pZ. 
Its identity is Or = (0: 1:0), and the order of I'(F,) equals p+ 1 — a, where 
|ap| < 2,/p (Hasse’s theorem, see Chapter 1, sec. 3). 

Assuming now that (p+ 1 —a,)/k! for some p|n and small k, we calculate 
consecutively P; = i!P mod n in the projective plane over Z. The prime p 
must divide the Z-coordinate of P,, and the gcd(n, Z;,). If we are lucky, O(k) 
operations will provide us with a non-trivial divisor of n. Otherwise one should 
renew the curve, without wasting too much time on an unsuccessful choice 
( “the strategy of early interruption”). In order to optimize the choice of k for 
each test curve and the number of tests, let us take p = n?. The probability of 
success with k = [L°] is approximately ¥(n°, L®)/n® = L-8/22+0()) (see 3.3). 
Hence we shall have to try about L°/2% random elliptic curves with a marked 
point, whereas for each of them the number of operations will be estimated 
by L®. The general number of operations L°+4/2¢ is minimal for a = \/3/2. 
In the worst case, a = 3 = 1/2 we get L'**, € > 0. 

Notice that our estimates are based upon the following heuristic conjecture: 
the orders of the groups I’(F,) behave with respect to the smoothness property 
as the random numbers taken from (p — 2,/p+ 1,p + 2,/p +1). The belief in 
this conjecture is strengthened by the study of the set of isomorphism classes 
of elliptic curves modulo a prime (Lenstra H.W. Jr. (1987)). 

We must also notice that some new cryptosystems using elliptic curves also 
were suggested (Koblitz N. (1987)). 

There exists a probabilistic algorithm with rigorously estimated running 


time 
O(LV*/?) 


due to J. Dixon (1984), and several probabilistic algorithms using linear or 
quadratic sieves, with the expected running time 


O(L¥?) and O(L) 
respectively (Pomerance C. (1982), Wagon S. (1986)). 
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Many more interesting algorithms and computer programs can be found 
in Riesel’s book (Riesel H. (1985)). One can also find there some heuristic 
arguments in favour of existence of the algorithms which would be much 
faster then everything we know now. 


§4. Diophantine Approximation and the Irrationality 
of ¢(3) 


4.1. Ideas in the Proof that ¢(3) is Irrational. One of the amazing math- 
ematical inventions of recent time showing the vast undiscovered power of 
elementary methods in number theory, was the proof of the irrationality of 
¢(3) = )>°°_, n~? found by the French mathematician Apéry. This proof was 
first presented in June 1978 in the conference Journées Arithmétiques de Mar- 
seille — Luminy. 

We follow here an informal exposition of the proof due to van der Poorten 
(1979), who notes the original mistrust of the proof among other mathemati- 
cians, which was at first taken as a collection of mysterious statements. 


1) For all integers aj, ag, ... 


o+ai):::(c+ax) 2 


5 Seed (al 
((3) =5 > aan (4.2) 
3) Consider the recurrence relation: for n > 2 
n°Un — (34n3 — 51n? + 27n — 5)un_1 + (n— 1)?un_2 = 0, (4.3) 


and let b,, be the sequence defined by the initial conditions bp = 1,1 = 
5 and the relation (4.3). Let a, be the sequence defined by (4.3) and 


the initial conditions ag = 0, a; = 6. Then the denominators of the 
rational numbers a, divide 2[1,2,...,n]* where [1,2,---,n] denotes the 
least common multiple of the numbers 1,2,...,n. 


4) The sequence a,,/b, converges to ¢(3) rapidly enough for one to establish 
irrationality of ¢(3). Moreover, for € > 0 and for all integers p,q > 0 with 
q sufficiently large the inequality holds 


Dp 1 
3 > 9 @ — 13.41782... 4.4 
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One has the following continued fraction expansion: 


6 
a rg (4.5) 
Dt rt GR 
p(1) — — 
p(2) — 
6 
nN 
ea eee 
p( ) aay 
1.e. . 
ee | 1 | 64 | 729 | 4096 
~ 5 117— 535— 1436— 3105— 
| n® 


34n3 4+51n24+27n+5 


4.2. The Measure of Irrationality of a Number. In §4 of Chapter 1 we 
noted a link between the property of a number @ being irrational and the 
existence of infinitely many good rational approximations p/q to (, i.e. such 
that the equality holds 

1 
B- 4 ere 
q q 
Analogously one could state the following criterium for the irrationality of a 
number: if there exists 6 > 0 and a sequence {p,/qn} of rational numbers 
{Dn /dn} 4 GB such that qn steadily increases and 


1 


< W465 Ce a eee | (4.6) 
dn 


pe 
dn 


then @ is an irrational number. The use of this criterium gives an interesting 
1 

measure of irrationality: if |G — ad < yy, and gn steadily increases in such 
dn dn 


a way that gn < q,*% for sufficiently large n relative to k > 0 then for any 


fixed € > 0 and for all sufficiently large p,q > 0 the following equality holds: 


p 1 


In the interesting case when q, increases geometrically, i.e. qn < Ca", a > 
1, then one could take for « an arbitrarily small positive integer, and the 
exponent in (4.7) becomes 1 + (1/6) which is called the irrationality degree of 


4.3. The Thue-Siegel-Roth Theorem, Transcendental Numbers, and Dio- 
phantine Equations. (cf. Roth K.F. (1955), Davenport H. (1958), Sprindzuk 
V.G. (1982), Fel’dman N.I. (1982), Shidlovski A.B. (1987), Mazur B. (1986), 
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403]). This famous theorem states that if 6 is an algebraic number, i.e. a root 
of a polynomial f(X) = a,X" + an_1X" 1 +...+ a9 (a; € Z), then for an 
arbitrary fixed e > 0, C = C(e) > 0, and all sufficiently large q the following 
inequality holds: 

D 1 


In other words, if we take arbitrary positive constants C’ and ¢, then there 


exist only a finite number of approximations z/y of @ satisfying the inequality 


C 
y2te ° 


x 
aes 49 
fs ; < (4.9) 


In particular, if the inequality (4.6) holds for a sequence (p,/qn) with a fixed 
6 > 1, then the number ( must be transcendental (i.e. not algebraic). However 
it turns out that this condition defines only a subset of the transcendental 
numbers of measure zero. 

Surprisingly, the method of Apéry turned out also to be applicable to the 
number | 


(Q)= Sr =a /6, 
n=1 


whose transcendence is well known. However Apéry’s proof implies the in- 
equality 
1 


arqe: # = 1.85078... (4.10) 


> 


for all e > 0 and q sufficiently large. One also knows that the irrationality 
degrees of 7? and ¢(3) are not greater than 6 and 6’ respectively. 

Note that the theorem of Thue ~ Siegel — Roth has very important applica- 
tions in the theory of Diophantine equations, which can be explained by the 
example of the equation 


X?-—5Y2 =m (m0) (4.11) 


for a fixed integer m. This equation resembles Pell’s equation, but its degree is 
greater then 2. If (z, y) a solution of (4.11) then the following equality holds: 


| F ~3/5| < a (c = 3m). (4.12) 


However if we take € > 0 such that 2 +e < 3 then Roth’s theorem implies 
that there are only finitely many solutions for the inequality (4.12), and hence 
for the equation (4.11). | 

Using algebraic geometric methods, but resting on essentially the same 
idea, Siegel established the following result: 


Theorem (Siegel C.L. (1929)) Let f(X,Y) be an irreducible polynomial 
with integer coefficients. Then the equation 
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F(X, o) = 0 (4. 1) 
has only finitely many integral solutions excluding the two special cases: 


a) The curve f(X,Y) =0 admits a rational parametrization: substituting to 
(4.13) non-zero rational fractions X = p(t)/q(t), Y = r(t)/s(t) € Q(t) 
this equation becomes an identity of rational functions of t. 

b) The projective envelope of the curve (4.18) has not more than two points 
at infinity. 


In particular, the Thue equation f(x,y) = m where f(x,y) € Z[z, y] is an 
irreducible form of the degree n > 3, has only a finite number of integral solu- 
tions. A. O. Gelfond (see in Gelfond A.O. (1983)) has shown that an effective 
bound for solutions of the Thue equation can be obtained if one has a good 
lower bound for the module of linear forms of logarithms of algebraic num- 
bers Q1,...,Q, (with integer coefficients). Such estimates were obtained by 
A. Baker (1971), making it possible to solve a number of important arithmetic 
problems. These problems include besides bounds for solutions of Diophan- 
tine equations (Sprindzuk V.G. (1982), Stepanov S.A. (1984), Schmidt W.M. 
(1979), Baker A. (ed.) (1986), Lang S. (1960), (1962)), also effective bounds 
for the class numbers of algebraic number fields and the numbers of equiva- 
lence.classes of quadratic forms (Baker A. (1971), Stark H.M. (1967), (1969)). 
An effective upper bound (see Baker A. (ed.) (1986), Sprindzuk V.G. (1982), 
Shorey T.N., Tijdeman R. (1986)) 


y” < 2% < expexpexpexp 10° 
was obtained by Baker’s method for solutions of the Cathalan equations 
go y = 1 


which provide an example of an exponential Diophantine equation systemati- 
cally studied in Shorey T,N., Tijdeman R. (1986). 


4.4. Proofs of the Identities (4.1) and (4.2). First of all the equality 


3 QiQQ°"'Qk-1 Lg A K-1 (4.14) 
4 (x +a4)- ea) x aa aCEars ) 


is easy to check. We may write the right hand side in the form 


@142 °°: QAk-1 


Ona eae Coa (x + ag) 


and note that each term in the left hand side is equal to Ax_,; — Ax. The 
identity (4.1) follows immediately from (4.14). 

Now substituting x = n? and a, = —k? and taking k < K < n—1 we 
obtain 
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a ae eee (=)? (n= 
oa — a —k2) ~ n2— n2(n? — 12)---(n? —(n —=1)*) 
i ae | 
rT 
12(m _ bY! 
Writing €n,~ = eae we have 


ar eer 


(—1)* n(En,k — En—-1k) = G2 212) 2G?) 


from which follows the identity 


N n-l N 7: N (-1)r7! 

S> So (-1)* (Ene — En-1,k) = DZ —- 2d” ary OT aes 

n=1k=1 mst i n=1 ut ey 

N Myke eet (4.15) 
_1)k = as ere: i See 3 

2| 1)"(En,k — Ek,k) a 2K3 (FA) (®) p> 3) ; 


. 


The equality (4.2) is implied by (4.15) on noting that the sum 
N+k\ (N 
gan ROE) Ge) 


tends to zero as N — oo. 


4.5. The Recurrent Sequences a7, and b,. Write the recurrence relation 
(4.3) satisfied by a, and b,: 


nean — P(n—1)an—1 + (n— 1)%an_2 = 0, 
nbn — P(n—1)bn_1 + (n — 1)%bn_2 = 0, 
where P(n — 1) = p(n) = 34n? — 51n? + 27n — 5. If we multiply the first 
equality by b,1 and the second by an—1, and then subtract second from the 
first, we get 
1° (Anbn—1 - An—1bn) oe (n = 1)°(a@n—1bn-2 cs An—2bn-1). 


Recall that by the initial conditions we have a,bo — agbi = 6-1—0-5 = 6, 


which implies , 


Anbn—1 os An—10n = a (4.16) 


This easily leads to the relation 


—_— —_— a —— ees e 4, 
ets) - § igs 7 008 (4.17 
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This is proved by the induction starting from the equality ¢(3) — @ = ¢(3). 
The absolute values of the numbers b, can be easily hoe using the 
relation 


by — (34 —51n7! + 27n~? — 5n~3)bn_1 + (1 — 3n71 4+. 3n7? — n73)by_2 = 0. 


Using the fact that the “linerized characteristic polynomial” of this recurrence 
relation is x? — 34x + 1 and has roots 17 + 2/72 = (lee /2)4, we obtain the 
estimate 


b, = O(a"), a=(1+ V2)*. 


Assume for a moment that that the statement in 3) on integrality of the 
numbers 6, and on the denominators of a, dividing 2{1,2,---,n]° is already 
proved. Then it is easy to complete the proof as follows. Let 


= 2/1,2,---,n]an, gn = 2[1,2,--+, n]2bn, 


where Dn, Qn € Z. The value of [1, 2,---,n] can be estimated using for example 
a rough form of the prime number theorem: )> p<z i © x/logz. Then 


(1, 2, a ni = I] plicg n/ log P] < I] noms nr/logn =e”. 


psn psn 


Hence gn = O(ae?") and 


cca) - = O(b=2) = O(a-™") = O(ge +9) 


nr 


with the constant 6 = (log a — 3)/(loga + 3) = 0.080529... > 0. According to 
the irrationality criterium in 4.2 we obtain the statement (4.6) in which the 
irrationality degree is not greater than 1 + (1/6) = @. 

The statement on the denominators of the numbers a,, and b, is one of 
the most difficult points of the proof. Apéry proved this fact by explicitly 
constructing the sequences a, and b,: 


n 2 2 n 2 2 
n nt+k n n+k 
= 3 (7) ( k ) m= (7) ( k ) ena 


-> + or = Tan) (4.18) 


m 


where 


It follows from these formulae that the numbers a, are integral. The bound 
on the denominators of b,, is given by the fact that all of the numbers 


2[1,2,--- n> Cn k (" : " 
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are integers. The proof of this uses an estimate for the maximal power with 
which a prime p can arise in the denominator of each term in the sum (4.18) 
defining cp x. 


4.6. Transcendental Numbers and the Seventh Hilbert Problem. It is use- 
ful to compare the given elementary proof with the highly developed theory of 


dee ets aut See Te 
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Part II 
Ideas and Theories 


Chapter 1 
Induction and Recursion 


$1. Elementary Number Theory 
from the Point of View of Logic 


1.1. Elementary Number Theory. Almost all of part I of this book belongs 
to elementary number theory (ENT). This notion can be rigorously defined 
using tools of mathematical logic, but in order to do this one must first intro- 
duce a formal language of arithmetic and fix an adopted system of axioms (one 
or other version of Peano’s axioms). In order to avoid such irrelevant details, 
we restrict ourselves to some intuitive remarks. In ENT there are some initial 
statements and some axioms, which formalize our intuitive ideas of natural 
numbers (or integers), as well as certain methods for constructing new state- 
ments and methods of proofs. The basic tool for construction is recursion. 
In the simplest case assume that we want to define some property P(n) of 
a natural number n. Using the method of recursion we explain how one can 
decide whether P(n +1) is true if it is already known whether P(1), ..., P(n) 
are true or not. Say, the property “n is a prime” can be defined as follows: “1 
is not a prime; 2 is a prime; n+1 > 3 is a prime iff none of the primes among 
1, 2,..., n divide n+ 1”. Analogously the main tool in the proofs of ENT is 
induction. In order to prove by induction a statement of type “Vn, P(n) is 
true” we first prove say P(1) and then the implication “Vn the property P(n) 
implies P(n +1)”. 

Even in the earliest research into the axiomatics of number theory (Peano, 
Frene) it was established that all the notions empirically thought of as be- 
longing to ENT (such as divisibility, primality etc.), functions (the number 
of divisors, the Euler function y(n), 7(x)) and theorems (Fermat’s little the- 
orem, the quadratic reciprocity law etc.) can be respectively constructed by 
recursion and proved by induction Rogers H. (1967), Manin Yu.I. (1980). 

It happens sometimes that a result admits an elementary formulation, but 
its elementary proof is not known. For example, the prime number theorem 
T(x) ~ ee can be stated in an elementary way assuming that x runs only 
through natural numbers, and replacing log x by the sum )>;_, *; an elemen- 
tary proof of this theorem was found only in the late 40s by Selberg, while 
the analytic proof had been known for half a century. 
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1.2. Logic. The study of ENT from the point of view of logic has lead to 
new concrete number theoretical results which we shall discuss below. However 
the most important consequence of this study has been that the place of ENT 
inside mathematics in general has become much clearer. We wish to stress the 
following three aspects. 


a) ENT as a mathematical discipline in principle can not be “self-sufficient” . 
For every choice of axioms there will always be statements which can be 
formulated in an elementary way, and which are decidable, but which can 
not be deduced using only elementary methods (cf. the theorem of Godel 
(Godel K. (1931)), in Manin Yu.I. (1980), (1987)). 


Thus the historical tradition of proving number theoretic facts using anal- 
ysis (Euler, Jacobi, Dirichlet, Riemann, Hardy, Littlewood, Vinogradov, 
...), geometry (Minkowski, Hermite, ...) and generally all possible tools, 
has deep reasons. 


b) ENT can be used by means of formal logic to model any axiomatized 
mathematical discipline inside elementary number theory (Gédel). 


In such a modeling we forget the contentive sense of the definitions and 
theorems of our theory and leave only information concerning their formal 
structure, and syntactic rules for deducing one statement from others. 


Enumerating by Goddel’s method all syntactically correct statements by 
natural numbers, we can then write a program or algorithm to list all 
provable results of our theory (its theorems). Thus a theory is modeled 
by a function f : Zt — Zt? (the first Zt is a number generating the 
theorem, the second is the encoded statement in the theory). Instead of 
asking whether the theorem with number n is provable we can ask whether 
the equation f(x) = n is solvable. 


Although the equation f(z) = n is defined in terms of ENT, it is far 
from being a Diophantine equation since the function f is not a polyno- 
mial. As was shown by Yu.V.Matiyasevich, it is possible to reduce this 
problem to a Diophantine one. He showed that one can find a polynomial 
P;(21,...;%mj;n) with integral coefficients such that the solvability of 
f(x.) = n is equivalent to the solvability of Ps(x;n) = 0 with ¢ € (ZT)™. 
The calculation of Ps from f is completely effective (as is the construction 
of f given the system of axioms defining the initial theory). 


In this sense the problem of provability of any mathematical result is 
equivalent to a standard kind of number theoretical problem. (The reader 
who is used to thinking not in terms of “provability” but of “truthfulness” 
must at this point take consciously some intellectual precautions. Con- 
sidering for example the theorem of Godel-Cohen that the continuum - 
hypothesis is independent of the standard axioms of set theory, it is clear 
that “truthfulness”, as opposed to “provability”, is a rather philosophical 
notion. It would therefore be unreasonable to expect it to have a precise 
mathematical definition.) 
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c) ENT provides a framework for the precise formulation and study of the 
notions of algorithm and (semi-)computable function. These notions, im- 
plemented in the theory of recursive functions, turn out to be much more 
universal than one could expect a priory (the Church thesis, cf. Manin 
Yu.I. (1980), Rogers H. (1967), Kozmidiadi V.A., Maslov A.N., Petri V.N. 
Eds. (1974)). 

The theory of recursive functions has both a fundamental general mathe- 
matical meaning, and an applied meaning. Its methods are used in proving 
the Matiyasevich theorem mentioned above. 


In the next section we formulate some basic facts from the theory of recur- 
sive functions, which have independent number theoretical interest. We then 
give some precise definitions and hints of proofs. 


$2. Diophantine Sets 


Definition 2.1. A subset E Cc (Zt+)™, m > 1 is called Diophantine if there 
exists a polynomial with integral (or, equivalently, with natural) coefficients 


P(t,. Pa shy La . sla ys 
such that 


(t1,...,tm) € E <=> 3(21,...,%n) € (Z*)", P(t,x) =0. 


Every Diophantine set is ennumerable in the following informal sense of 
the word: there is a deterministic algorithm, which produces one—by-one all 
elements of E (a formal definition will be given in the next section). Indeed, 
let us check one—by-—one all the elements of (Zt)™*”: substitute them into 
P and, if we get zero, write down the first m coordinates. We thus obtain a 
growing list of elements of E, which exhausts E when we pass to the limit. 


Theorem 2.2. Conversely, every ennumerable set is Diophantine. Its defin- 
ing polynomial can be effectively constructed from the algorithm generating 
E. 


It seems a priori that there are many more ennumerable sets than Dio- 
phantine sets; it is therefore clear that in proving theorem 2.2, one needs to 
prove the Diophantineness of some unexpected sets. J. Robinson discovered 
that this problem can be simplified if one takes for granted the Diophantine- 
ness of the set {(a,b,c) | a = b°}, and Yu.V. Matiyasevich (1972) established 
this last step. Below we give some examples and constructions used in the 
proof, which are purely number-theoretical. We first formulate the following 
very general property. 
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Proposition 2.3. The class of Diophantine sets contains the level sets of 
polynomials with integral coefficients, and it is closed with respect to the op- 
erations of finite direct sum, finite intersection, and projection. 


This follows immediately from the definition. It suffices to note that if 
E,F c (Z*)™ correspond to polynomials P,Q respectively, then EM F cor- 
responds to P*? + Q?; EU F corresponds to PQ, and E x F corresponds to 
P? + ©2, where Q is obtained from Q by renumbering the first m variables. 

Now we give the key arithmetical lemma — the proof of the Diophantineness 
of a set related to solutions of Pell’s equation (it is important that for this set 
one coordinate grows approximately as the exponent of the other). 

Consider Pell’s equation x? — dy? = 1 (d € Z* is a square free integer). Its 
solutions (x,y) € (Zt)? form a cyclic group with respect to the following law 
of composition: if (1, y1) is a solution with the first coordinate minimal, then 
any other solution is of the type (%n, yn), where n € Z* and 


tn + UnVd = (21 + Vd)”. 


The number n is called the solution number (cf. I, 1.2.5). 

The coordinates Zn, Yn grow exponentially with n, but the set of solutions, 
and its projections on the x- and y-axes are Diophantine. However this is still 
not what we need: the main difficulty is to include the solution number into 
a set of coordinates of a Diophantine set; only then will we be able to use 
further arguments. This is done below. 

It is convenient to use for d the number d = a” — 1, a € Z", since in this 
case (21,41) = (a,1). The equation x? — (a? — 1)y? = 1 will be called the 
a-equation. Define two sequences £n(a), yn (a) to be the coordinates of its n* 


solution: | | 
Ln(@) + Yyn(a)Va* —1 = (a+ Va? — 1)". 


Formal definitions of x,(a) and yn(a) as polynomials in a can easily be given 
by induction over n. Then xn(a) and yn(a) will have sense for all n € Z and 
a € C. In particular, z,(1) = 1, yn(1) = n; in this extended range all of the 
formulae given below will be valid. : 


Proposition 2.4. The set E : y = yn(a), a > 1 is Diophantine in the 
(y, n, a)-space. 


The idea in the Diophantine reconstruction of n from (y, a) is based on the 
remark, that the congruence 


Yn =nmod (a—1) 


determines n uniquely for n < a -— 1. In order to treat the general case, an 
auxiliary A-equation is introduced, with big A. Its n* solution so that n be 
used only in Diophantine context. 

Besides the main variables y,n, a, one introduces six auxiliary variables: x, 
x’,y’; A; x1, y1. Furthermore define the following sets: 
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Ey: y>n, a>]; 
Ey: 2? — (a? —1)y? = 1; 
E3:y' =0mod 2z27y?; 
E4:2'* — (a? —1)yP? = 1; 
Es: A=a+2'*(x’* —a); 
Eg : a? — (A? — 1)y? = 1; 
Ez: y, —y =0mod g!?. 

Fg: y,=nmod 2y. 


The sets EF; are all Diophantine, and pr E’ = E, where E’ = 18_, E;. In order 
to check this fact we use the following properties: 


y.(a) =kmod (a-—1). (2.1) 
Ifa =bmod cthen yp(a) = yn(b) mod c. (2.2) 
If yi(a) = y;(b) mod z,(a), a>1theni=j mod 2n ori1=-—Jj mod 2n. 
(2.3) 
If yi(a)"|y;(a) then y;(a)|9. (2.4) 


Properties (2.1) — (2.4) are easily deduced from the equalities 


Entm(a) = Ln(@)Fm(a) + (a — 1)yn(@)ym(a), 
Yntm = ££n(4)Ym(a) + Fm(a)yn(Q). 
2.5. The Graph of the Exponent is Diophantine. We now prove that the set 
E :y =a” in the (y,a,n)-space is Diophantine. It suffices to check Diophan- 
tineness of Eg = EN {a|a> 1}. For a > 1 one easily obtains by induction 


on n that 
(2a — 1)” < yn4i(a@) < (2a)” 


in the notation of 2.4. From this it follows that 


q” = [Yn+1(Na)/yn+i(N)| 


for sufficiently large N. To be more precise, Eo is the projection of the set £}: 
a>1; 0< ynti(N)y — yntily)s N > 4n(y + 1); 


and Diophantineness of EF, is then obtained by introducing trivial auxiliary 
relations y’ = Yn4i(N) and y” = yn4i(Na). 


Proposition 2.6. The set EF: r= (1), n > k in the (r,k,n)-space is Dio- 
phantine. 


Lemma 2.7. If u > n® then (4) is equal to the remainder of the division 
((u+1)"/u*] by u. 
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The proof follows from the binomial formula 


n k-1 
nk n\  i-k n \ i-k 
(u+1)"/u eo ()u +()+O(F)e . 
t=k+1 i=0 
The first sum is divisible by u and the second is less than 1 for u > nx. 


The proof of Proposition 2.6 has the same scheme, using the auxiliary 
variables wu and v and the relation 


Ey:u>n®; Eg:uv=([(u+1)"/u*}; 
E3:r=umod u; by:r<vu; Es:n>k. 


From the lemma it follows immediately that E = pr U?_, E;. The Diophan- 
tineness of F follows from that of the exponent; the Diophantineness of E3, 
E4 and Es is obvious. The Diophantineness of Ez becomes clear if we represent 
FE» in the form 

(u+1)"<u*v <(uti)"+u* 


and use again the Diophantineness of the exponent. 


Proposition 2.8. a) The set E:m= kl is Diophantine. 


b) The set 
E: = (”""), p> ak, 
y k 


is Diophantine in the space (x, y, p,q, k). 


The proof is a modification of the arguments in 2.6, 2.7, using the following 
lemma. 7 


Lemma 2.9. a) If k > 0 and n > (2k)**? then 


b) Let a > 0 be an integer such that a = 0(mod (q*k!)) and a > 2?~1pFt}. 
Then 


fet = ar a(t + q~?)P/4] = afa?*-1(4 pig yPr a): 


The proof of this lemma follows from some elementary computations, and 
Proposition 2.8 is proved using the same methods as above. 


2.10. Supplementary Results. The Diophantine representations stated 
above are used in the proof of the general theorem of Matiyasevich. On the 
other hand they can also be used to find exponential — Diophantine represen- 
tations for some interesting concrete sets. As an example, consider the set of 
prime numbers. By Wilson’s theorem, p is a prime <=> (p—1)!+41 is divisible 
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by p. The set of prime numbers is therefore a projection of the set of solutions 
to the following system of equations 


p=f+l1 
q= f! 
q-—-ap=1. 


which is Diophantine in view of the Diophantineness of qg = f!. 

Any Diophantine subset E Cc Z+ coincides with the set of all natural val- 
ues of a polynomial with integral coefficients (on (Z*+)”). Indeed if E is the 
projection of P(t;2,...,2%n,) = 0 then Q(t;71,...,2n) = t(1 — P?) is the 
appropriate polynomial. Thus the set of all primes can be represented as the 
set of all natural values of a polynomial Q. (It should be noted that Q will 
take infinitely many other integral values < 0, which is unavoidable). 

The Fibonacct numbers form the sequence 1, 1, 2, 3, 5, 8, ..., Unyo = 
Un+1 + Un. J. Jones found that this sequence can be represented as the set of 
positive values of a very simple polynomial in two variables (this is not the 
case for the set of all primes): 


2a*b + a®b* — 2a7d? — a® — abt + 2a. 


Although, as we have noticed above, the question on the provability of 
any theorem can in principle be reduced to a Diophantine equation, some 
concrete problems admit natural reductions without the use of a formal lan- 
guage. We refer the reader to the very interesting and informative article Davis 
M., Matiyasevic Ju., Robinson J. (1974). In particular, this article contains 
Diophantine forms of the Riemann Hypothesis and the four-colour problem. 


§3. Partially Recursive Functions and Ennumerable Sets 


3.1. In this Section we give a precise definition of a class of partial func- 
tions from (Z*)™ to (Zt)”. This definition can be considered as an adequate 
formalization of the class of (semi-)computable functions. Using the definition 
one is able to define the class of ennumerable sets. We shall denote by D(f) 
the domain of definition of a partial function f, Rogers H. (1967), Manin Yu.I. 
(1980). 


3.2. The Simple Functions. 
suc: Zt > Zt, suc(x) = 2+]; 
1 2 (Z+)" = Zt, 1 (a21,...,2n) =1 n> 0; 


peo Zs) s-Z, Plo Qin A) Se, es 
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(a) 


(b 


—/ 
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3.3. Elementary Operations on Partial Functions. 


Composition (or substitution). This operation takes a pair of partial func- 
tions f : (Zt)™ — (Zt)" and g : (Zt)” — (Zt)? and gives a partial 
function h = go f : (Zt)™ — (Z*)?, defined as follows 


D(g0 f) = f~*(D(g)) N D(f) = {x € (Z*)™ | z € D(f), f(x) € D(g)}, 
(9° f)(x) = g(f(z)) for x € D(go f). 


Junction. This operation takes partial functions f; from (ZT)™ to (Zt)", 
i= 1,...,k to the function (f;,..., f,) from (Zt)™ to (ZT)™ x --- x 
(Z*)"* defined as follows 


D((fis--+>fk)) = D(fi)--- A D( fk), 
(fiy.- +) fe)(L1,°++5 2m) = (fi(215 +++) 2m), +++ y fe(L1, +++, Lm)). 


Recursion. This operation takes a pair of functions f from (Z*)” to Zt 
and g from (Z*)"*? to Zt, to the function h from (Z*)"*! to Zt defined 
as follows | 


h(x1,.--,2n,1) = f(t1,-.-,2n) (the initial condition); 
WMG iysxng Bag te 1) S O05 2400s hy Rss asg Gas k)) fork S 1 
(the recurive step). 


The domain of definition D(h) is also described recursively: 
(11,..-,2%n,1) € D(h) = > (21,.-.,2n) € D(f); 


(%1,...,2n,k +1) € D(h) => (41,...,2n) € D(f) and 
(11,...,2n,k,h(xy,...,2n,k)) € D(g) for k > 1. 


The - Operation. This operation takes a partial function f from (Zt+)"T! 
to Z* to the partial function h from (Zt)" to Zt which is defined as 
follows: 


D(h) ={(21,...,2n) € (ZT)"|Sang1 > 1 f(t1,..-,2n,2n41) = 1 
and (2%1,...,2n,k) € D(f) for all k < rn44}, 


ME taey Cy) = Iminl Fae7- | ft (Ciseies Cay ease) = Ly. 


Generally speaking, the role of ju is to introduce “implicitly defined” func- 
tions. The use of 4 makes it possible to introduce a one—by—one check of 
objects in order to find a desired object in an infinite family. The following 
three features of 4 should be stressed immediately. 

The choice of the minimal y with f(z1,...,2%n,y) = 1 is made, of course, 
in order to ensure that the function h is well defined. 

Also, the domain of definition of h seems at first sight to be artificially 
diminished: if, say, f(r1,...,2%n,2) = 1 and f(21,...,2n,1) is not defined, 
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we consider h(xz1,...,£n) to be undefined, rather than being equal to 2. 
The reason for this is the wish to preserve the property that h is intuitively 
computable. | 


Finally we remark that all previously defined operations produce every- 
where defined functions if applied to everywhere defined functions. This is 
obviously not the case for the operation yz. Hence this is the only operation 
responsible for the appearance of partially defined functions. 


Definition 3.4. 

(a) The sequence of functions f,--- fn is called a partially recursive (resp. 
primitively recursive) description of a function f = fy if f; is one of 
the simple functions; f; is for all 7 > 2 either a simple function or is 
obtained by applying the elementary operations to some of the functions 
fi,-::,fj—-1 (resp. one of the elementary operations apart from ). 

(b) The function f is called partially recursive (resp. primitively recursive), 
if it admits a partially recursive (resp. primitively recursive) description. 


Polynomials with positive values. We first establish the recursivity of sums 
and products. 


a) 


sum: (Zt)? > Zt, (21,22) + 214+ 22. 


Use recursion over x2 starting from the initial condition 2; +1 = suc(2), 
with the recursive step x1 +k+1=suc()_,(21,k)). 


va) 
sum, :(ZT)" Zt, (x4,...,2n)> a5 n> 3. 
i=1 


Assuming that sum,_; is recursive we obtain sum, using junctions and 
composition 


nr nr 
sum, = SuM2 o (SUM,~-1 O (prf,:+:,Pln_1);2n)- 
Another version is the recursion over x, starting from the initial condition 
suc osum,—, and the recursive step 


n—1 
S- x, +k+1 = suc(sum,(21,...,2n-1,k)). 


i=1 


One finds that the number of recursive descriptions of a function increases 
step—by-step, even if one only counts the “natural” descriptions. 


prod, : (Zt)? > Zt, (21,29) + 2122. 
2 


Use recursion over x2 starting from the initial condition x,, with the 
recursive step 21(k + 1) = 21k +21 = sume(21k, 721). 


prod, :(Zt)" > Zt, (21,...;2n)? U1 +... En, N23: 


86 Chapter 1. Induction and Recursion 


prod,, = prod, o (prod,_j(pr{,-++,Pfn—-1),2n)- 


e) “Subtraction of one’: Zt > Zt: 


a a Hse OU Ge a 
71, it g= | 


We apply recursion to the simple functions 
f:Z+ Zt, f=, 
g= pr3(Z*)? — Zt : (11,22, 23) r> 22, 


and as a result obtain the function h(x,,272) = rg — 1. Hence x — 1 = 
ho(zx,x), where x = prj (z). 
f) “Truncated difference” 
CA eee Aa 


Y1—-2o, if x1; > 29; 


(om) mm = 47 et (3.1) 


This “truncated difference” is constructed by applying recursion to the 


functions 
f(vi)=21—1, g(v1, 22,03) = z3 — 1. 
Let F : (Zt)" — Zt where F is any polynomial in z1,...,2, with integral 
coefficients taking only values in Z*. If all of the coefficients of f are non- 
negative then F is a sum of products of functions pr? : (41,...,2n) > Z%. 


Otherwise F = Ft — F~, where F+ and F~ have non-negative coefficients, 
and the values of the untruncated difference coincide with the values of the 
truncated one Ft — F~ by the assumption on F’. In what follows we use the 
-recursivity of the functions (x; — x2)? +1 and h = (f — g)* +1 where f and 
g are recursive: this trick makes it possible to identify the “coincidence set” 
f =g with the “level set” h = 1 which is easier to tackle. 


3.5. Other Recursive Functions. “The Step”: 


; a, for x < Zo, 4 
se°(r) = a,b,x EZ". 
to (©) 15 for x > Zo; eS 


For x9 = 1 this is obtained using recursion with the initial condition a and 
the following value b. In the general case 


rem(z,y) = the remainder in {1,...,x} after dividing y by x (we do not 
have zero!). We have 
rem(z,1)=1: 
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1 if rem(z, y) = 2: 
1 = 3 ; 3 
a ae { sucorem(z,y), if rem(z,y) #2. 


We use the following artificial trick. Consider the step s(x) = 2 for x > 2, 
s(1) = 1 and set 


p(x, y) = s((rem(x, y) — 2)? +1). 

It is obvious that 
rem(z,y) Fc <=> (zy) =1, 
rem(x,y) = £ <=> v(x, y) = 2, 

hence 

rem(z, y + 1) = 2suc(rem(z, y)) — v(x, y)suc(rem(z, y)). 
This gives us a recursive definition of rem. 
A generalization of this trick is “conditional recursion”: 
PD Digtcp hyd) = (Giessen): 
BG ips ph lO (2 iicae Dah Disses tau). 


3.2 
if the condition C;(x1,...,2n,k;h) (¢ =1,...,m) a 
is satisfied. 
We reduce the mutually exclusive conditions C;(x1,...,2n,k;h) to the form 
C'; is satisfied <=> 9;(21,...,2n,kjh(x1,...,2n,k)) =1 (3.2a) 
(an everywhere defined recursive function taking only values 1 and 2.) 
Then the recursive step can be described as follows: 
mm 
h(x1,...,2n,k +1) =2 >) Oi Diseicg ashy NS ece5 2a k)) 
i=l 
(3.3) 
"re S (9:9) (a1, -++yDn, k, h(x, -++yIny, k)). 
i=l 


This trick makes it possible to establish the primitive recursivity of the 
following functions which will be used below. 


The incomplete quotient: 


_ f integral part of y/z, if y/xz > 1, 
qt(z,y) = 1 if y/z <1. 


We have 


qt(z, y), if rem(z,y+1)=2, y+1¥Q; 
1, yt+l=x. 
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One reduces these conditions to the standard form (3.2a) with the help of the 
functions 


3((rem(z,y +1) — x)* +1), 
s((rem(z,y +1) — 2)" +1) 8((e-y-1)? +), 
s((x — y— 1)? +1), 
where 


s(1) =1, s(> 2) =2; 3(1) =2,5(< 2) =1. 


The function rad(x) — the integral part of ,/x. One has 


rad(1) = 1 
_ f rad(z) if qt(rad(x) +1,2+1) < rad(x) +1, 
a { rad(z) +1 if qt(rad(x) + 1,2 +1) = rad(x) +1. 


These conditions can be reduced to the standard form (3.2a) in a similar way. 


The function min(z, y): 
min(z,1) = 1; 


min(z, y), ife<y, 


Le ia pens y)t+1, ife>y. 


The function max(z, y) (similarly). 


3.6. Further Properties of Recursive Functions. If f(21,...,2n) is recursive 
then | 


Ln in 

Sh]. fasta PF i ins h) 
k=1 k=1 

are recursive. We can also obtain recursive functions from f in the following 

ways: 


a) by any substitution of the arguments; 

b) by introducing any number of extra arguments; 

c) by identifying the members of any group of arguments (e.g. f(x, z) instead 
of f(z, y) etc.) 


The map f : (Zt)™ — (Z*)” is recursive if and only if all of its components 
pr?’ o f are recursive. 


Definition. The set E C (Zt)” is called ennumerable, if there exists a 
partially recursive function f such that & = D(f) (the domain of definition). 


The discussion of §1 and 2 shows that ennumerability has the following 
intuitive meaning: there exists a program which recognizes the elements x 
belonging to E, but which not necessarily recognizes elements which do not 
belong to E. Below, a different description of the ennumerable sets will be 
given, which will explain the ethimology of the name: they are the sets with 
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the property that all their elements may be obtained (possibly with repetitions 
and in an unknown order) by a “generating program”. 

The following simple fact is easily deduced from the properties of partially 
recursive functions. 


Proposition 3.7. The following three classes coincide: 
a) the ennumerable sets; 
b) the level sets of partially recursive functions; 
c) the 1-level sets of partially recursive functions. 


A much more difficult statement is the following result and its corollaries. 


Theorem 3.8. The following two classes coincide: 
a) the ennumerable sets; 
b) the projections of level sets of primitively recursive functions. 


Among the primitively recursive functions are the polynomials with coeffi- 
cients in Zt. Recall that Diophantine sets are projections of the level sets of 
such polynomials. The Matiyasevich theorem can now be stated precisely as 
follows: 


3.9. Matiyasevich’s Theorem. The ennumerable sets are Diophantine; 
hence the two classes coincide. 


We sketch the proof of 3.8 in this section, and of 3.9 in the next section. 

Let us temporarily call the projections of level-sets of primitively recur- 
sive functions the primitively ennumerable sets. In the first part of 3.8 it is 
established that the primitively ennumerable sets are all ennumerable; in the 
second part the opposite inclusion is proved. 

We therefore let f(21,..-,2%n,;Un+1;---)lntm) be a primitively recursive 
function, and & the projection of its 1—level to the first n coordinates. We 
shall explicitly construct a partially recursive function g such that EF = D(g). 
This will show that any primitively ennumerable set must be ennumerable 

We divide the proof into three cases depending on the codimension of the 
projection: m = 0,1 or m > 2. 


Case a): m = 0. Then the set F is the 1—level of f and is ennumerable by 
Proposition 3.7. 
Case b): m = 1. Set 


g(x1,- os Ln) = min{@n41 | f(z1,. oe En, En41) = 1}. 


It is clear that g is partially recursive and D(g) = E. 

Case c): m > 2. We shall reduce this to the previous case using the following 
lemma, which is interesting in itself (the lack of a notion of “di- 
mension” in “recursive geometry”) and plays an important role in 
various other questions. 


Lemma 3.10. For all m > 1 there exists a one-to-one map t'™ : Zt — 
(ZT)™ such that: 
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a) the functions t’” = pr{™ ot™ are primitively recursive for all 1 <i < 
m; 


b) the inverse function r\™ : (Z+)™ — Zt is primitively recursive. 

Application of the lemma. We apply 3.10 in the case 3.9 c) and set for 
m->2 

O@igk isin) HT is Ln, ty” (y), fied th) (y)). 

It is clear that g, being a composition of primitively recursive functions is itself 
primitively recursive. It is easy to check that E coincides with the projection of 
the 1—level set of the function g to the first n coordinates. Since this projection 
is of codimension 1, we have reduced Case c to Case 0. 


Proof of the lemma. The case m = 1 is trivial. We shall prove the lemma 
by induction on m, starting from m = 2. 


Construction of t'2). We first construct 7'?) : (Z+)? + Z+ by setting 
1 
7) (ry, 22) = 5 ((a1 + tq)” — x1 — 3x2 + 2). 


It is easy to check that if we index the pairs (x,,22) € (Zt)? in the “Kantor 
order”, and inside each group with given x; + x2 in increasing order, then 
t')(1, 29) will be exactly the number of the pair (x1, z2) in this list. Thus 
'?)(x1,29) is bijective and primitively recursive (use 3.4 and the recursivity 
of qt from 3.5 in order to take into account the 1/2. 

The reconstruction of a pair (1,22) from its image y is an elementary task 
and this leads to the following formula for the inverse function t'?): 


(Oy) = 9-5 2-3-3] (| (2-3-3 v4), 
oa) = re = ‘ = 4 — tA) (y) + 2. 


Here [z] denotes the integral part of z. Using the results and methods of 3.5 
— 3.6, one can verify that these functions are primitively recursive. 


Construction of t(™). Assume that t("-)), +(™—)) are already constructed, 
and their properties are proved. Set first of all 


76m) — f(2)(-(M"D (a. tm—1), Lm). 
It is clear that 7‘™ is primitively panes and bijective. Solving the equation 
t(D (a1... tm_1), 2m) = 
in two steps, we get the following formulae for the inverse function t(™). 


2 —l 2 : 
£™ (y) = 4) (y), th (y) = PA (y)), 1<ism-1. 
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By induction, 4”) is primitively recursive. 
This finishes the proof of the lemma and the first part of the proof of 
theorem 3.8. 


The second part of the proof. We now prove that every primitively ennumer- 
able set is ennumerable. We begin with the following easily verified property 
of the class of primitively ennumerable sets. 


‘Lemma 3.11. The class of primitively ennumerable sets is closed under the 
operations of finite direct sum, finite intersection, finite union and projection. 


Now let & be an ennumerable set. Using proposition 3.7 we realize it as 
the 1-level of a partially recursive function f : (Z*)" — Zt. Note that in 
order to prove that FE is primitively ennumerable it suffices to check that the 
graph Ty c (Z*t)” x Z* is primitively ennumerable.- Indeed it is clear that 
E coincides with the 1—level of the projection onto the first n coordinates of 
the set 'y N((Z*)" x {1}). Also the set {1} C Z* is primitively ennumerable 
in view of the properties listed in 3.4, so if we prove that I; is primitively 
ennumerable, then the same would follow for E by lemma 3.11. We have thus 
reduced our problem to that of proving that the graphs of partially recursive 
functions f are primitively ennumerable. 

With this purpose we check that: a) the graphs of simple functions are 
primitively ennumerable; b) if we are given functions whose graphs are prim- 
itively ennumerable, then any function obtained from them using one of the 
elementary operations also has a primitively ennumerable graph. 

Stability under recursion and the p operation are the most delicate points. 
In order to prove these, the following nice lemma is used. 


Lemma 3.12. There exists a primitively recursive function Gd(k,t) (Godels 
function) with the following property: for each N € Zt and for any finite 
sequence a1,...,an € Zt of the lenth N there exists t € Zt such that 
Gd(k,t) = ax, for alll <k < N (In other words, Gd(k,t) may be regarded 
as a sequence of functions of the argument k indezed by the parameter t such 
that any function of k on an arbitrarily large interval 1,...,N can be imitated 
by an appropriate term of this sequence). 


In order to prove this it is convenient to put first 
gd(u,k,t) = rem(1 + kt, u) 


and to show that gd has the same property as Gd if we allow ourselves to 
choose (u,t) € (Z*t)?. After this we could put 


Gd(k,y) = gd(t?(y), k,t?)(y)), 


where t'2) : —+ (Z*)? is the isomorphism of the lemma 3.10. Getting rid of 
the teat parameter u in Gd(k,t) (in comparison with Bd(wu, k,t)) causes 
no essential problems. 
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3.13. Discussion of the Properties of Ennumerable Sets. Theorem 3.8 shows 
that if E is ennumerable, then there exists a program “generating” F (cf. 3.6). 
Indeed, let E be the projection onto the first n coordinates of the 1—-level of a 
primitively recursive function f(11,...,2%n,y). The program “generating” E 
should check one—by—one the vectors (11,...,2n,y), say, in Kantor’s order; it 
should compute f and output (21,...,2%,) if and only if f(z1,...,%n,y) = 1. 
Since f is primitively recursive, the generating program will sooner or later 
write down each element of £, and no other element. It cannot stop forever 
on elements not belonging to &. However, if & were empty we could never 
find this out just by waiting. 

The set E Cc (Zt)” is called solvable, if it and its complement are ennu- 
merable. Intuitively this means that that there is a program which decides 
for any element of (Z*)" whether it belongs to E or not. These sets can be 
characterized as being the level sets of general recursive (everywhere defined 
recursive) functions, or as the sets whose characteristic function is recursive. 
In order to establish these properties, the following result is used: 


Proposition 3.14. A partial function g from (Zt)" to Z* is partially recur- 
sive iff its graph is ennumerable. 


§4. Diophantineness of a Set and Algorithmic 
Undecidability 


4.1. Before explaining how to prove that the classes of Diophantine and of 
ennumerable sets are the same, we first give some interesting applications of 
this theorem. It is known from logic that there are sets which are ennumer- 
able but not solvable. Combining this fact with Matiyasevich’s theorem (see 
3.9) and the Church thesis, we deduce that Hilbert’s tenth problem (1.2) is 
undecidable. 

First of all, every natural number is a sum of four squares (Lagrange’s 
theorem, see I, 1.2.6). The solvability of the equation f(x1,...,2n) = 0 in 
(Z*)” is therefore equivalent to the solvability of the equation 


4 . 4 
f (14 Dvd De) =0 
1=1 i=1 


in (Zt)*”. It is thus sufficient to establish the algorithmic undecidability of 
the class of questions whether equations have solutions in (Zt)". Let E Cc 
Z* be ennumerable but not solvable. We represent it as the O-level set of 
a polynomial f, = f(t;71,...,%n) = 0, f © Zlt;71,...,2,|. The equation 
ftp = 0; to € Z* is solvable iff to) € E. According to a general principle 
(the Church thesis), intuitive computability is equivalent to partial recursivity 
of a function. This implies that the corresponding class of problems for the 
family {f;} is algorithmically decidable, iff the characteristic function of E is 
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computable. However this is not the case by the choice of E: although EF is 
ennumerable, its complement is not. 

Thus the question of solvability in integers is undecidable even for an ap- 
propriate one parameter family of equations. The number of variables, or 
more generally the codimension of the projection can be reduced to 9 (Yu. I. 
Matiyasevich). The precise minimum is still unknown, although this is a very 
intriguing problem. 


4,2. Sketch Proof of the Matiyasevich Theorem. One introduces temporar- 
ily a class of sets, intermediate between the ennumerable and Diophantine 
sets. In order to define this class, consider the map which takes a subset 
E c (Z*)" to a new subset F Cc (Z*)” defined by the following law: 


(11,...,%n) EC F <> Vk € [1,2] 


(Picasa Pyagy kh) eek. 


We shall say in this case that F is obtained from EF by use of the restricted 
generality quantor on the n* coordinate. The restricted generality quantor is 
defined analogously on any other coordinate. 


Definition—Lemma. Consider the following three classes of subsets of 
(Z*)" for any n: 


I. Projections of the level sets of primitively recursive functions. 

IIT. The smallest class of sets containing the level sets of polynomials with 
integral coefficients, which ts closed under the operations of finite direct 
sum, finite union, finite intersection, projection and the restricted gener- 
ality quantor. 

III. Projections of the level sets of polynomials with integral coefficients. 


Then 


a) Class I coincides with the class of ennumerable sets, and Class III with 
the class of Diophantine sets. The sets of the class II will be called D-sets. 
b) The following inclusions hold: I> II D III. 


The final steps in the proof of the Matiyasevich theorem consist of reduc- 
tions similar to those described above. The crucial part is the proof that the 
class of Diophantine sets is closed under the use of the restricted generality 
quantor. Here one makes use of the Diophantine representations of concrete 
sets from §2, in order to check that application of Godel’s function does not 
damage the Diophantineness. 
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Chapter 2. 
Arithmetic of Algebraic Numbers 


§1. Algebraic Numbers: Their Realizations and Geometry 


1.1. Adjoining Roots of Polynomials. The idea to extend the field of rational 
numbers owes a lot to various attempts to solve some concrete Diophantine 
equations. The use of irrational numbers which are roots of polynomials with 
rational coefficients often makes it possible to reduce such equations to more 
convenient forms. An intriguing example of this is the study of the Fermat 
equation (Borevich Z.I., Shafarevich I.R. (1985), Postnikov M.M. (1978), Ed- 
wards H.M. (1977), Ribenboim P. (1988)) 


ie oa 7 eae ia @ c/o | (1.1) 


The unsolvability of (1.1) in non-zero integers for n > 2 is not yet established”). 
However, it follows from recent results due to Faltings (see chapter 3, §5) that 
the number of primitive solutions (i.e. such that GCD(z, y, z) = 1) is finite 
for each n > 2. If n is an odd integer then the left hand side transforms into 
the following product: 

n—1 

[[ (+ ¢fy) = 2”, (1.2) 

k=0 


where ¢ = exp(2mi/n) is a primitive n‘® root of unity. If we suppose that 


the ring R = Z[¢] has unique factorization of elements, then by studying the 
divisibility properties of the left hand side of (1.2) one can prove that (1.1) 
has no solutions in integers not dividing n (this is the first case of the Fermat 
conjecture: n / xyz) (Kummer). However, this unique factorization property 
is far from being always satisfied: J.M.Masley and H.L.Montgomery (1976) 
have found all n with this property; it turns out that there are altogether 
29 such numbers, and the primes among them are n = 3,5, 7,11, 13,17,19. 
Nevertheless, the validity of the first case of Fermat’s Last theorem has been 
established for infinitely many primes (Adleman L.M., Heath-Brown D.R. 
(1985), Fouvry E. (1985), Granville A., Monagan M.B. (1988)). 

Let a be a complex root of an irreducible polynomial f(x) = x” + 
An—12"- 1 +...a,x2 + a9 € Q[z] with rational coefficients a; € Q. If k = Q(a) 
is the smallest field containing @ then each of its elements ( has the form: 
G =r(a), where r(x) € Q[z] is a polynomial of degree deg r(x) <n, and the 
arithmetical operations in Q(a@) are the same as those with residues mod f 
in the ring of polynomials Q(z]. 


*) It has been completely proved by A. Wiles (Wiles A., 1994; Taylor R., Wiles A., 
1994) since the publication of the Russian edition of this book in 1990 (note by 
A. Panchishkin). 
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In other words, there is an isomorphism between k and the quotient ring 
Q[z|/(f),e and k is an n-dimensional vector space over Q (with basise 
1,a,...,a@"—'). A choice of basis gives anothere realization of elements of k 
as n X n square matrices: to ane element ( one attaches the matrix of the 
linear transformation yg : x +> (x (with respect to the echosen basis). For 


the basis {1,a,...,a@"~+} the endomorphism vy, is described by the matrix 
(sometimes called the adjoint matriz): 
0 0 sp Lait 0 —ag 
1 0 gates 0 —QA] 
Ag = 0 1 er 0 —a2 ) 
0 0 alee 1 —An—1 


and the smallest subring of the matrix algebra M,,(Q) containing A, can be 
identified with k. Each element @ € k is a root of the characteristic polynomial 
of the endomorphism yz, and its determinant and trace are denoted N@ and 
TrG. These are called the norm and the trace of @. The bilinear form B : 
k x k — Q defined by B(u,v) = Tr(wv) is non-degenerate. An element £ is 
called integral if all of the coefficients 6; of its characteristic polynomial 


det (X -1n — yg) =X" + dn X”™ +--+ +b € Q(X] 


are integers. This condition is equivalent to saying that the ring Z[G] is a 
finitely generated Abelian group. The set of all integers of k will be denoted 
by O = Qs. This is a free Z-module (a free Abelian group) with a basis 
W1,°*+,W,. The determinant of the bilinear form B(u,v) with respect to such 
a basis is called the discriminant of k, and is denoted by D = Dx. This is 
independent of the choice of basis of Ox. 

The idea of symbolically manipulating the roots of polynomials has lead to 
the theory of algebraic extensions of arbitrary fields, for which one may repeat 
the above constructions. If k C K are two fields and the dimension [K : k] 
is finite, then for any @ € K one defines analogously Nx/,(@) and Trx/,(8). 
The claim that the form B(u, v) = Trx/,(uv) is non-degenerate is one of the 
definitions of a separable extension. If this is the case one can always find an 
element 7 € K such that K = k(7) (this statement is known as the primitive 
element theorem) (Lang S. (1965), Shafarevich I.R. (1987)). 

Adjoining the roots of all the irreducible polynomials in k[X] to the ground 
field k leads to the construction of an algebraic closure k of k. This is a 
field, uniquely defined by k upto isomorphism, which consists of elements 
algebraic over k, and which is also algebraically closed. This means that every 
polynomial f(X) € k[K] with deg f > 0 has a root a € k. When we write Q 
we often mean the complex realization of this field as the set of all complex 
numbers a@ € C which are roots of polynomials with rational coefficients. 


1.2. Galois Extensions and Frobenius Elements (Lang S. (1965), Lidl R.., 
Niederreiter H. (1983)). In general let K/k be a finite separable extension, 
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k Cc K Cc k. Then K/k is called a Galois extension if for every embedding 
\: K > k over k (i.e. A(x) = x for x € k) one has \(K) = K. In this case the 
automorphisms \: kK — K over k form a group G(K/k) = Aut(K/k) of order 
n which is called the Galois group. In what follows the action of o € G(K/k) 
on x € K will be denoted either by x’, or by o(z) so that the composition 
law is (ta)(x) = T(o(z)), 7° = (x7) (a left action of G(K/k) on K). 


Main Theorem of Galois Theory. There is a one-to-one correspondence 
between subgroups H C G(K/k) and intermediate fields L withk CLC K. 
This correspondence is defined by the following law: 


Hw K"¥ ={re¢K | «° =z for allo € Hy}, 
Le Ay = {0 € G(K/k) | 2° =a for all z € DL}. 


The normal subgroups H «G(K/k) correspond exactly to the Galois subez- 
tensions L/k, and for such subgroups or extensions we have G(L/k) = 
G(K/k)/HA. 


Example: Finite Fields. Let K = F, be a finite field with q elements. 
Then q = p/ and F, is a vector space of dimension f over the prime subfield 
F, = Z/pZ (Lidl R., Niederreiter H. (1983)). For any integer r > 0 the 
algebraic closure Fy contains exactly one extension of F, of degree r: 


F,- ={x€F, | 2? =x}, 


so that +7 ~! = 1 for all elements of the multiplicative group Fj. The exten- 
sion F,-/F, is therefore a Galois extension, and its Galois group is cyclic of 
order r: 


G(Fgr/Fq) = (1, Frq, Fry,--+, Fro7*}, 
where Fr,(x) = x? is the Frobenius automorphism. 


Example: Cyclotomic Fields. Let Cm be a primitive root of unity of degree 
m. Then the field Ky, = Q(Gm) contains all roots of the polynomial X™ — 
= la x — ¢*) and is therefore a Galois extension. If o € G(Km/Q) 
then the element o(¢,, must also be a primitive m™ root of unity, so that 
otm = ¢%, for some a with (a,m) = 1. If C®, is another m™ root of unity then 
a(¢k,) = (2%. Hence the correspondence o ++ a(mod m) produces a canonical 
map G(Km/Q) — (Z/mZ)* which is in fact an isomorphism. In order to 
prove this it suffices to show that the cyclotomic polynomial 


6,(X)= |] (x-d) 


(i,m)=1 


is irreducible over Q. First we see that X™ —1 = []4, Ga(X), and hence 
®,,(X) = Taj ("4 — 1)#(4) € Z[X] (where p(d) is the Mébius function 
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of d). The irreducibility is established by reducing the polynomials modulo 
p: Z|X| — F,[X]: f(X) + f(X) € F,[X]. One applies the properties of the 


Frobenius endomorphism f(X) — f(X)? = f(X”) € F,|X] in the ring F,[X’]. 
Suppose that ®,,(X) is not irreducible and let 


Pin(X) = fi(X)-...+ fr(X) 


be the decomposition of ®,, as a product of irreducible polynomials in Z[X}. 
We show that for alla mod m with (a,m) = 1, fi(Cm) = 0 implies f,(C?,) = 0 
We use the existence of a prime p such that p = amod m. The polynomial 
X™ — 1 is coprime to its derivative mX™~! in F,[X] since p /m. Hence the 
polynomials f,(X),...,f,(X) are pairwise coprime. 

If fi(¢7.) 4 0 then we have f;(¢7,) = 0 for some 7 ¥ 1, which implies 
f;(C®,) = 0. Hence f;(X) has a common factor with f;(X?). In fact since fj is 
irreducible, it must divide f;(X?). Therefore f,(X) divides f; (XP) = fj (X )?. 
This contradicts the fact that f,(X) and fj(X ) are coprime. 

Note that we do not need to assume the existence of a p such that p = 
amod m. We could instead consider the decomposition a = py’ -...-p%* and 
study all the reductions mod p;, i = 1,...,s (Borevich Z.I., Shafarevich LR. 
(1985), Lang S. (1965), Chevalley C. (1940), Lang S. (1978b), Washington 
L.C. (1982).) 

Recall that a Dirichlet character y modulo m is a homomorphism yx : 
(Z/mZ)* — C*. These are often regarded as a functions on Z such that 
x(x) = x(xmod m) if (x,m) = 1, and x(x) = 0 if (4,m) > 1 (see I, 
2.2.2). According to what we have proved, there is a canonical isomorphism 
G(Km/Q) & (Z/mZ)* . Hence a Dirichlet character defines a homomorphism 
py : G(Q/Q) — C* by means of the projection G(Q/Q) > G(Km/Q). 


Theorem of Kronecker-Weber. For any homomorphism p : G(Q/Q) 
C%* of finite order there exists a Dirichlet character y such that p = p, Sha- 
farevich LR. (1954), Artin E., Tate J. (1951), Chevalley C. (1940). 


This can be restated as saying that any Galois extension K/Q whose Galois 
group G(k/Q) is commutative (i.e. any Abelian extension) is contained in a 
cyclotomic extension. 

A remarkable fact is that the elements of the Galois group G(K,,/Q) cor- 
respond to prime numbers (more precisely p mod m for p/m). The deep- 
est results of algebraic number theory are related to generalizations of the 
Kronecker—-Weber theorem. For example, Deligne and Serre have shown that 
there exists a correspondence between two-dimensional irreducible complex 
representations p : G(Q/Q) — GLa(C) such that det p = p, for an odd char- 
acter y, arid primitive cusp forms of weight one (cf. Chap.4, §4, the theorem of 
Deligne—Serre). It is conjectured that this correspondence is one-to-one, and 
therefore gives a two-dimensional analogue of the Kronecker—Weber theorem. 


1.3. Tensor Products of Fields and Geometric Realizations of Algebraic 
Numbers. In order to obtain a convenient geometric realization of an algebraic 
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number field k, we use the tensor product k@R. Constructions involving tensor 
products of fields are frequently used in algebraic number theory, and for this 
reason we begin with a general result on these products. 


Theorem on Tensor Products of Fields. Let K/k be a finite separable 
extension, K = k(y), and let L/k be another extension, and suppose that 


KE RX\V/(f(X)), F(X) = TT 9X) 


is the decomposition as a product of irreducible polynomials in the ring L[X]. 
Then there is a ring isomorphism 


™m 
K®,L2 |] Li, 


i=1 


where L; = L{|X|/(g:(X)) are finite extensions of L containing K under the 
embeddings \,: K — L; defined by 


Ni(r(y)) = 7(X) mod g:(X) 
(see Chevalley C. (1940)). 


The proof of this theorem is similar to that of the Chinese remainder theo- 
rem. The elements r(y) ®, / with 1 € L, r(X) € k|X] generate the whole ring 
K ®, L, and the isomorphism is given by 


r(y) @el +> (Ir(X) mod gi(X),---,lr(X) mod gm(X)). 


Corollary. Let 6 € K. If fg(X) € k[X] ts tts characteristic polynomial in 
the extension K/k and fg;(X) € L[X] are its characteristic polynomials in 
the extensions L;/L, then 


fa(X) =| | fa,s(X). 
a=]. 


In particular, we have 


Nxjx(B) = II Nr, /t(A:(B)), (3) 
Tre (8) = >) Ter./1.(Ai(4)). (1.4) 
41=1 


If we take k for L, then m = n and )j,...,An are all possible embeddings 


rj -K- k, 
‘Sfp(X) = (X — Ar (B)) +... (X — An(8)). 
Hence for any G € K we have 


81. Algebraic Numbers: Their Realizations and Geometry 99 


Nxye(8) =|] A(),  Trx/e(8) = >— ru(8). (1.5) 
i=1 i=1 
By putting L = R, K = Q(y) and k = Q, we obtain a geometric realization 
of the algebraic numbers. Let f,(X) = (X —71)-...:(X —r,) + (X? +01 X + 
B1)-...:(X* +a,,X + B,,) be the decomposition of the minimal polynomial 
fy(X) € Q|X] of y into irreducible polynomials over R. Then 


K &, R=Q(7) @R&R" x C” (1.6) 


(this is an R-algebra isomorphism), or Q(y) ® R = R” as a real vector space, 
so that n = 1r, + 2reg. Let A1,°++,Ar,,°°°;Ar,+r. be the embeddings of 2.1.2. 
Then the tuple 

A = (A1, J ee = Nes tes) 


defines an embedding of K into R”, and any embedding of K into C is one of 
the following _ 


M1; wee y Aare igAre as cee Pe ee, ae re 


A lattice M in a vector space R” is by definition a discrete subgroup M Cc 
R” such that the quotient group R”/M is compact (in the natural topology). 
Every lattice is a free Abelian group generated by a basis e1,...,€n of R”. 

If O is the ring of integers in K, then one verifies that its image M = 
A(O) Cc R” is a lattice, and 


Dx = (—4)"*vol(R"/A(O)), (1.7) 


where Dx is the discriminant of K, and vol(R"/X(O)) is the volume of 
the fundamental parallelotope ‘Spa rie; |0< 2; <1} of the lattice O = 
(€1,...,€n) with respect to the usual Lebesgue measure on R”. 

For example, let K = Q(a) be a quadratic field, where a? = d for some 
square free integer d. Then a calculation of the characteristic polynomial of a 
typical element 6 = a + ba (where a and b are rational numbers) shows that 
O = Ox = Zw] where 


l+a 
w= 


and Dx =d for d=1(mod 4), 


w=a and Dx =4d for d=2,3(mod 4). 


If d is positive then the geometric realization of the number 6 = a+ ba will 
be the point \(8) = (a+bVd, a—bvd). In the case of an imaginary quadratic 
field (d < 0) the geometric realization of the number 6 = a+ ba will be 
the point (a + ib,/|d|) in the complex plane. Since Z[w] = (1,w) we have for 
positive d 


peti _ Vd if d=1mod 4, 
vol” (R*/A(Z|w])) 1345 if d=2,3 mod 4, 


and for negative d 
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ld} = 
vol?(C/Z[w]) = vial if |d| = 3 mod 4, 
V/|d| if d=1,2 mod 4. 
Figures 11 and 12 illustrate the lattices of integers in the quadratic fields 


Q(V—1) and Q(v2). 


d=2 
z[V2]eR? 
D=8, vol=2V2 


Fig. 11 Fig. 12 


1.4. Units, the Logarithmic Map, and the Regulator. In the ring Z there 
are only two invertible elements (units): 1 and -1. The group of units, i.e. 
invertible elements of the ring of integers Ox of a number field K has a less 
trivial structure. However, this group can be completely described. One uses 
the notation Ex = OX. 

Some interesting arithmetical problems can be reduced to finding elements 
of Ex. For example, consider Pell’s equation (see I, 1.2.5) 


a? — dy? =1 (1.8) 


(where d is a square free positive integer). 

Note that if @ ¢ O% then N@ and NG! = N(G7?) are rational integers, 
hence NG = +1. Conversely, any solution to (1.8) in integers x,y produces a 
unit @ = x + ya in the real quadratic field k = Q(a), a? = d since NG = 
(x + yVd)(x — yVd) = x? — dy. On the other hand for all 8 € Ox with 
NG = +1 we have that 6 € O7. It follows from a general theorem of Dirichlet 
on the structure of Ex for an algebraic number field K (the Dirichlet unit 
theorem), that for K = Q(Vd) one has Ex = {+e” | n € Z}. Here ¢ is 
a fundamental unit (which can be uniquely defined by the condition that 
\i(e) = a+ bVd is minimal with \,(€) > 1). The set of solutions to (1.8) 
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can be identified with a subgroup of Ex of the form {tef | n € Z}, where 
Ey = Xo + YoVa@ corresponds to the minimal solution A(Eo) = xo + yovd > 1, 

In order to describe the structure of Ex in the general case, one uses the 
embedding \: K — K @R = R" x C” and the following logarithmic map 
1: (R™ x C™)* —+ R™+"2 where for 4 < r, by definition 1;(x) = log |z], 
l; : RX — R, and for i > ry 1;(x) = log|z|?, 1; : CX —» R. Under the map 
lox, multiplication in K becomes addition in R™+". If x € K then in view 
of (1.3) we know that 


Nz = 4(Z)+...+ Ary (x)Ari41(t)Ar.41(2) tat Arytre (x)A rytra(Z). 


Hence 
T14+1T2 


S> L(A,(@)) = log [Net 
i=l 
In particular, the image 1A(O7-) of OF lies in the hyperplane 


ritre 


Y= | (en -stntn) ERT | > nm =0| VER’, r=r4+7r2-1. 


The kernel of the map |: (K @ R)* — R™*"? is the following compact set 
fly Se Rx CFS RR. 


where S = {z € C | |z| = 1} is the unit circle. We see that the logarithmic 
map provides an effective way of drawing the units: the kernel of lA: Ex — 
R™+"2 consists of only a finite number of elements (the roots of unity in K). 
Dirichlet’s theorem says that the image |\( Ex) is a complete lattice in V = R” 
(where r = r} + rg —1). In other words, one can find elements ¢1,...,é, € Ex 
such that any unit « € Hx can be uniquely represented in the form 


Rr 


= m1 
E=MNE]*...°€, 


where n; € Z and 7 is a root of unity in K. In particular, €1,...,¢€, € Ex are 
multiplicatively independent: 


IX(e1),...,A(Er) 


form a basis of the hyperplane V. Consider now the volume vol(V/lIA(Ex)) 
of a fundamental parallelogram for the lattice of units (with respect to the 
measure on V induced by Lebesgue measure on R”). The number Rx = 
vol(V/IA(Ex))/Vr + 1 is called the regulator of K and is equal to the absolute 
value of the determinant 


An (ea) taAa(e1) ttt Un tr Any tre (E1) 


lA we ees te bn ppg Ara tre (Er) | 
(ry + 1r2)~ en (ry + 12)7 Es -iee (ry +72)71 
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1.5. Lattice Points in a Convex Body. We now describe a general geometric 
idea, on which the proof of the Dirichlet’s theorem, and some other interesting 
facts (such as bounds for discriminants and class numbers) is based. 


Minkowski’s Lemma on a Convex Body. Let M be a lattice in R", A = 
vol(R"/M), and let X C R” be a centrally-symmetric convex body of finite 
volume v = vol(X). Ifv > 2"A, then there exists0O Fae MnNx. 


Proof. In order to prove the lemma, it is convenient to consider the lattice 
2M c R" whose fundamental parallelotope has volume vol(R"/2M) = 2"A. 
Then under the natural projection of X C R” onto a fundamental paral- 
lelepiped R” /2M there will be overlaps in the image of X, because the volume 
of X is bigger than the volume of a fundamental parallelepiped. Hence there 
exist two different points z,,z2 € X, z1 # z2 such that z; = z2 mod 2M, ice. 
(z, — 22)/2 € M. The proof follows: the point (21 — z2)/2 4 0 belongs to X in 
view of its convexity and central symmetry, since (z1 — z2)/2 = (21+ (—22))/2 
(if z € X then —z€ X). 


Here are some examples of convex bodies to which we can apply Minkowski’s 
lemma. Let 2° = (29,...,2% ,,,) € KOR, [N(e®)| = [YT fol 132 le? al? 
#0. Put 


W(2°)={xreK@R| |x| < |x°|, as Ene fa +rgh. 


For a positive integer a we put 


Tt T2 
U(a)=(xeEK@R/ YS |zil+2)_ |trnaj| <a 


i=1 j=l 
A calculation of these volumes shows that 


*\" a”. (19) 


vol(W(a°)) = 2" n"2|N(a°)|, vol(U(a)) = 2” (5 —. 
Applying Minkowski’s lemma to the lattice M = A(Ox) and these bodies 


(where A = 2~"2,/|Dx| by (1.7)), we see that. 


a) for arbitrary constants c; > 0 (i =1,...,r1 +72) satisfying the condition 
free TTj21 Ca (2)” \/|Dx| there exists a non zero element a € 
Ox such that 
JAsx(a)| <q (G=1,...,71 +12); (1.10) 
it suffices to take c° € K @R with |z9| = c; (¢ = 1,...,71 +72) and 
a € W(r°); 
o 1/n 
b) fora> (n! (4)" VIDxl) there exists B € Ox, 8 £0 from U(a), such 
that 


S>1Ai(8)] +25 Ari45(B)] <a, 
i=l j=l 
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hence in view of the inequality between the arithmetic and geometric 
means we have the estimate 


Niai< (=) Zvie (N29. ay) 


From (1.11) follows the estimate for the discriminant: 


T } 2r2 n2n 


2r 1 
a) mp7 (a) eee sect) 


D 
| «| > ( A 27n 


showing that |Dx| grows with n. 
Some other remarkable consequences of Minkowski’s lemma are: 


Hermite’s Theorem (1863). There are only finitely many algebraic number 
fields with a given discriminant. 


Minkowski’s Theorem (1890). Jf kK #4 Q then |Dx| > 1. 


For the proofs of these theorems see Weil A. (1974a). 

From the above estimate for the discriminant it follows also that for large 
n one has |Dx|!/" > (7.3)"/"(5.9)"2/". However nowadays much stronger 
estimates for discriminants are known: |Dx|!/" > (188)"/"(41)"2/” (for large 
n), cf. Odlyzko A.M. (1975), Kuzmin L.V. (1984). The latter are deduced 
from analytic properties of the Dedekind zeta—function via explicit formulae 
(cf. 4.2.3 and 4.2.5). 


1.6. Deduction of Dirichlet’s Theorem From Minkowski’s Lemma. Con- 
sider the hypersurface T, = {x € K ®R | |Na| = c} for a fixed c > 0. Under 
the logarithmic map this becomes the affine hyperplane 


ri+re2 
S> y; = log e. 
i=1 


The group of units Ex acts on T, by multiplication with A(e), ¢ € Ex. Under 
the logarithmic map the action of e becomes a translation by the vector lX(e), 
which maps Viog ¢ into itself. The number of orbits of this action on T;.NA(Ox) 
is finite for any fixed c. Indeed it suffices to show that if N(a) = N(@)=ceEZ 
and a = 6( mod c) in the ring Ox then a/G € Ex. In order to see this, notice 
that a divides its norm Na = c. Hence the number £ =1+ gaa belongs to 
Ox. Similarly, 4 € Ox, hence § € Ex = Ox. 

We now use the results of 2.1.5, and choose some c > (2) \/|Dx]|. Then 
for any element x € Ty one can find an element a € Ox such that A(a) € 
W(x). We use this fact to show that the quotient group V/lA(Ex) is compact. 
It suffices to show that V = Vo can be covered by translations of a bounded set 
by vectors lA(e), € € Ex. In turn, this is implied by the analogous statement 


Voge= {ve Rr 
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for any hyperplane parallel to V, for example of the type Viog- instead of 
Vo. For any a € Ox, a # 0, consider the set Y.(a) C Voge consisting of 
all y = I(x) € Viogce such that A(a) € W(x). Then Y,(a) are all bounded, 
Y.(ae) = Y.(a@) + lX(e) for ¢ € Ex, and Minkowski’s lemma implies that 
any y € Vioge is contained in some Y,(a@). On the other hand, we know that 
there are only finitely many classes of a € Ox with |N(a@)| < c modulo the 
action of Ex. If {a;} is a finite system of representatives of these classes, then 
the desired compact set can be defined to be the union UY.(a;). This proves 
the compactness statement; discreteness is implied by the analogous fact for 
the lattice \(Ox), and the fact that the logarithmic map restricted to any 
hypersurface T, is a surjective open map onto Viogc. 


§2. Decompositions of Prime Ideals, Dedekind Domains 
and Valuations 


2.1. Prime Ideals and the Unique Factorization Property. The original pur- 
pose of Dedekind’s theory of ideals was to extend the results of Kummer on 
Fermat’s theorem to a larger class of exponents. Let R be a commutative ring 
with unity. An ideal a of R is by definition an additive subgroup a C FR such 
that Ra c a. An ideal a is called prime iff ab € a implies a € a or b € a (ice. 
the factor ring R/a has no zero—divisors). An ideal of the type a = (a) = Ra 
for a € R is called a principal ideal. The notation (a;);¢7 denotes the smallest 
ideal containing all a; € R, (4 € J). An element a € R is called prime iff 
m7 = ab implies that either a or b is invertible (i.e. a unit) in R. The reason 
for the lack of uniqueness of factorization into prime elements in R, is related 
to the fact that the ideal (7) generated by a prime element 7 is not always 
prime. 


Example. Let R = Z|,/—5] then there are two essentially different factor- 
izations into prime elements: 


21 = 3-7 =(14+2V-—5)- (1 — 2V/—5). 


A simple check shows that none of the divisors of two different factors in this 
identity belong to R. However, the uniqueness of factorization can be restored 
if we pass from prime elements to prime ideals. Indeed, the following ideals 


are prime: | 
py = (8, V-5 — 1), po = (3, V—5 — 2), 
p3 = (7,V-5— 3), pa = (7, V—-5 — 4). 
This is implied by the decompositions: 
X* 45 =(X —1)(X — 2)(mod 3), X?4+5=(X —3)(X —4)(mod 7), 


for example, 
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R/p1 = Z[X]/(3,X —1,X? +5) & Fs[X]/(X — 1) SF, 


in view of the identity (X — 1,X* +5) = X —1 in F3[X]. Analogously one 
proves the decompositions 


(3)=pi-po, (7)=p3-pa, (1 +2V—5) =pi-p3, (1—2V—5) = po: pa, 


and the factorization (21) = pipap3p4 is the unique decomposition as a prod- 
uct of four ideals. The ideals (3), (7), (1+ 2/—5), (1 —2\/—5) are not prime. 


A Dedekind domain is by definition a commutative associative ring with 
identity, in which the factorization of ideals into prime ideals is unique. This 
is equivalent to R being a Noetherian (every ideal being finitely generated), 
integrally closed (containing every element of its field of fractions which is 
integral over R) ring, all of whose non-zero prime ideals are maximal (i.e. 
R/p is a field). 

One can prove that the ring Z[,/—5] of our example is a Dedekind domain. 
From the given characterization it follows that for a given number field K, 
[Kk : Q] < ov, the ring of integers Ox is a Dedekind domain. It also fol- 
lows that no proper subring of Ox with the same field of fractions can be 
a Dedekind ring, since it cannot be integrally closed. For example, the ring 
Z|/5] is not a Dedekind ring: the ideal (1— 5) cannot be decomposed into a 
product of prime ideals. However the bigger ring Z[3=¥5) - Ox, K = Q(v5) 
is a Dedekind ring. Thus one can build a good divisibility theory in this class 
of rings by replacing elements a by the corresponding ideals and using prime 
ideals rather than prime elements. However, the class of Dedekind rings is 
quite narrow, and a good divisibility theory can be built in a much larger 
class of rings. For example, in the polynomial ring k[x1,r2,...,2%n] over a 
field k one has unique factorization of elements, and the prime elements here 
are the irreducible polynomials. On the other hand, the existence and unique- 
ness of factorization of ideals into prime ideals does not hold in this ring. For 
instance, the ideal (x?, y) C k{x, y] does not have such a decomposition. This 
last example explains particularly Kronecker’s mistrust of the prime ideals of 
Dedekind. Kronecker himself began developing a different theory of divisibil- 
ity, based on valuations. This is described below (2.5 and §3). The history 
of the controversy between Kronecker and Dedekind is nicely described by 
H.Wey] (1940). 


Fractional ideals. Let Ox be the ring of all integers in a number field K, 
[kK : Q| < o. A fractional ideal is by definition a non-zero Ox-submodule 
a C K such that aa C Ox for some a € K”%. The properties of Dedekind 
domains imply that together with a fractional ideal a, the Ox-submodule 
a7’ = {x € K | za C Ox} will also be a fractional ideal. If a and b are 
fractional ideals, then ab is also a fractional ideal. ‘Thus the fractional ideals 
form a multiplicative group Ix whose identity element is Ox. Since Ox is 
a Dedekind domain, it follows that Ix is a free Abelian group in which the 
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prime ideals p C Ox form a basis: every a € Ix can be uniquely written in 
the form: 


a=py'-...-pr* (nj € Z). 


The norm Na of an integral ideal a C Ox is defined to be the number of 
elements of the corresponding factor ring: Na = Card(Ox/a), and the norm 
of an arbitrary fractional ideal a € Ix is defined by multiplicativity. If a = 
(a) is a principal ideal, then N((@)) = |Na| = |Nx ga|: multiplication by 
a defines an endomorphism of the lattice Ox, and one easily verifies that 
the absolute value of its determinant coincides with the index of its image: 


(Ox : (a)) = N((q)). 


2.2. Finiteness of the Class Number. To each element a € K™”* one can 
associate (a) € Ix, so that we have a homomorphism K*—>I,. The image 
of this homomorphism is called the group of principal ideals, and is denoted 
by Px. The quotient group Clx = Ix /Px is called the ideal class group. The 
following result is another corollary of Minkowski’s lemma. 


Theorem. The group Clx is finite. 


The order |Clx| = hx is called the class number of K. 

In order to prove the theorem we note that each ideal class can be rep- 
resented by an integral ideal (replacing if necessary a by Ma with an ap- 
propriate integer M, and so getting rid of denominators). According to 
Minkowski’s lemma (see 2.1.5) there exists a non-zero element a € a such 
that |Na| < (2)" \/|Dx|Na. We have aOx C a because a is an ideal, i.e. 
Ox C ata. We see now that the index (a~'a : Ox) = (Ox : aa™*) is 
bounded by the constant (2)” \/|DxK]|, because 


(Ox :aa~') = |N(a)|Na7* < (2) V|Dr|. 


If a’ is an arbitrary fractional ideal containing Ox and (a’ : Ox) = r then 
r Ox Da’ D Ox. But it is obvious that the number of intermediate ideals 
a’ between r~!Ox and Ox is finite. The theorem follows, in view of the fact 
that r can take only a finite number of values. 

As we shall see below, this theorem and Dirichlet’s unit theorem not only 
have similar proofs, but can be incorporated as parts of a more general result 
on the structure of the idele class group (cf. Chevalley C. (1940), Weil A. 


(1974a)). 
The class number plays an exceptionally important role in number theory. 
For example the statement hx = 1 is equivalent to saying that Ox is a 


unique factorization domain. Another example is that the theorem of Kummer 
from 2.1.1 on the first case of Fermat’s theorem can be extended to all prime 
exponents n with the property that hx is not divisible by n, where kK = 
Q(exp(277/n)) is the corresponding cyclotomic field. 
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2.3. Decomposition of Prime Ideals in Extensions. If K is a number field 
with ring of integers Ox, and p is a prime number, then (p) = pOx can be 
decomposed into a product of prime ideals of Ox: 


(p) = ph phe... pe, (2.1) 


The form of the decomposition (2.1) for primes p is one of the most important 
characteristics of K; if say K/Q is a Galois extensions, then K is uniquely de- 
termined by the set of primes p satisfying (p) = pip2-...-pn, where n = [K : Q] 
(the product of n distinct primes). If this is the case for p, we say that p splits 
completely in K. For a general number field it is difficult to determine the 
precise form of the decomposition (2.1) for all p. This problem is related to 
the deepest questions of algebraic number theory (“non—commutative class 
field theory”, see §4 of Chapter 4). However, for Abelian extensions K, i.e. 
Galois extensions K/Q whose Galois group G(K/Q) commutative, this de- 
composition is known. We shall give the precise form of the decomposition for 
quadratic fields K = Q(Vd) and cyclotomic fields K = Q(™/1). This is done 
by a general method, applicable to any extension R C S of commutative rings, 
where it is supposed that S is a finitely generated R-module. In this case each 
element a € S is a root of a normalized (monic) polynomial f(X) € R[X]. 
For example, one could take f(X) = X" + an_1X"-14+...+4a0, a; € R (the 
characteristic polynomial). Let p be a maximal ideal in R. Denote by @ the 
image of a in the quotient ring S/pS. 


Theorem on the Decomposition of a Maximal Ideal. Suppose that for an 
element a € S one has S/pS = (R/p)[a] and n = deg fa(X) = dimz/, S/pS. 
Choose normalized polynomials g:(X),...,gr(X) € R[X] such that 


fa(X) = gi(X)% -...+g-(X)* (mod pR[X]) (2.2) 
where g;(X)(mod pR[X]) are distinct and irreducible in (R/p)|X]. Then the 


ideals 8; = (p,g;(a)) are maximal, and the following decomposition holds: 


pS = Pt... Per, (2.3) 


The maximality of 98; follows from the isomorphism: 


S/Bi = R[X]/(9i(X), p) = (R/p)[X]/(9:(X)) 


and from the irreducibility of g;(X)(mod pR[X]); the decomposition (2.3) is 
deduced from an analogue of the theorem on tensor products of fields, see 
2.1.2 (or from the Chinese Remainder theorem): 


rT 


S/pS = 8 @p (R/p) = | [(R/p)[X]/(gi(X)*). 


i=1 


Example a) Quadratic Fields. For a quadratic extension K = Q(Vd) (dé 
Z being square free), O = Ox = Z[w] where 
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1 
oS tu fa(X) = X* — X + (d—1)/4 and Dx =d for d =1(mod 4), 


w = Vd and Dx = 4d for d = 2,3(mod 4). 


The result on the decomposition of primes can be conveniently stated in terms 

of the quadratic character yx of K. By definition yx is the unique primitive 
Dirichlet character of order 2 modulo |Dx| such that y(—1) = sgn Dx. It can 
be written explicitly as follows 


(4) ; if d = 1(mod 4) 
yn (x2) = ¢ (-1)@-D/2 (731) if d = 3(mod 4) 
(—1)(@?-1)/8+(2—-1)(d'-1)/4 (;37) , if d= 2d’, d' = 1(mod 2). 


Then p decomposes in Ox as follows: 


pp’, p#p’, andNp=Np’=p for xx(p) = 1, 
pOK = « p, Np = p? (i.e. p remains prime) for xx(p) = —1, 
p?, Np=p for xx (p) = 0. 


In order to prove these decompositions one applies the above theorem with 
R= Z, S = Ox, a = w, using the decomposition of the corresponding 
quadratic polynomial f,,(X) mod p, which either has two distinct roots over 
F,,, or is irreducible, or has a double root over F,, in the cases when xx (p) = 1, 
XK (p) = —1 or xx(p) = 0 respectively. This result can be elegantly rewritten 
as an identity for the Euler factors of the Dedekind zeta-—function (cf. 4.2.3 
below): 

[] @ —Np-*) = G— 97°). - xx(p)p™*) (8 € C). (2.4) 

p|(p) 


Example b) Cyclotomic fields. K = Km = Q(¢m). We use the fact Ox = 
Z|Cm]|. Consider the extension Z[¢,,] D Z, and take for f,(X) the cyclotomic 
polynomial $,,(X) (see 2.1.2). The proof that Ox coincides with Z[¢,,] is 
rather fine but elementary; it is based on a calculation of the discriminant of 
R= Z{|C»| which turns out to be equal to 


(1) POOP? PY] (1 pie) 


p|m 


2.4 Theorem 
a) Letp}m, then 
pR=pi-...-Pr, Npi =p’, 
where p; C R are distinct prime ideals, and the number f is equal to the 
order of pmod m in (Z/mZ)*, f-r = y(m). 
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b) Ifm=py'-...-p%: then 


piR = (py-... pee), Np = pl", 
where p(p%) = p%~"(p, — 1), f' is equal to the order of the element 


pi mod mp,“ in (Z/(mp; “*)Z)*, and f'-r’ = p(mp; “). 


Proof. Note first that for prime ideals p C Ox the number f = log, Np 
coincides with the degree of the corresponding extension of residue fields: 
f = [(Ox/p) : Fp], and thus f is the order of the Frobenius automorphism 
x +» x?, generating the cyclic Galois group G((Ox/p)/F,). Applying the 
theorem on the decomposition of maximal ideals we see that it suffices to find 
the form of the decomposition of the cyclotomic polynomial ®,,(X) mod p 
in F,,[X] into irreducible polynomials. 

It follows also that the form of the decomposition depends in this case only 
on pmod m. In particular, p splits completely in K <> p=1mod m.A 
useful observation is that the decomposition of (p) in Ox,, is fully determined 
by the action of the Frobenius endomorphism Fr, on the finite ring Ox /(p), 
so that in the case p }'m this endomorphism may be regarded as the element 
of the Galois group G(K,,/Q): | 


(Fry: Gm > GP) => pmod me (Z/mZ)* = G(Km/Q). 


It is useful for further applications to reformulate theorem 2.4 using the 
Dirichlet characters y : (Z/mZ)* — C*. The conductor of y is by definition 
the least positive integer m(x) such that y can be defined modulo m(yx), i.e. 
to which x factors through the natural projection 


(Z/mZ)* > (Z/m(x)Z)* A4C%. 


The corresponding character x9 mod m(x) is called the primitive Dirichlet 
character associated with y. Theorem 2.4 is equivalent to the following identity 
(cf. 4.2.3 below): 


[[@-Ne~) = [] G—xo)p7*) (s€C). (2.5) 


p|(p) xmod m 


Indeed, the theorem implies that the left hand side has the form (1 — p~/%)" 
for p/m, and (1—p~/ *)" for plm, where f is equal to the order of p mod m 
in (Z/mZ)*, f-r = p(m), f’ is equal to the order of the element p; mod m’ 
(with m! = mp; “) in Z/m’Z, and f’-r’ = v(m’). It remains to verify the 
equation 

a-Tf)"= |] G-x(p)7). (2.6) 

xmod ™m 

Let pr be the group of roots of unity of degree f, then 1 — Ti =] iis (1—¢T). 
Equations (2.5) and (2.6) follow from the fact that for any ¢ € py there 
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are exactly r characters y(mod m) such that y(p) = ¢ (cf. Borevich Z.1., 
Shafarevich I.R. (1985), Lang S. (1970), Serre J.-P. (1970)). 


2.5 Prime Ideals, Valuations and Absolute Values. An alternative approach 
to the theory of divisibility has arisen from the notion of the z-order ord,a 
of an element a # 0, a € R for a prime element 7 of a unique factorization 
domain R: here ord,a is defined to be the largest exponent of 7 dividing a in 
R, so that there is a decomposition: a = ent! -...- 7, in which k; = ord,,a, 
e € R* is a unit. 

The function ord, can be uniquely extended to the field of fractions K of 
R as a homomorphism ord, : K* — Z with the following properties: 


1) Va,b € K%* ord,(ab) = ord,a + ord,b, 

2) Va,b € K* ord,;(a+ 6) > min(ord,a, ord,)), 

3) a divides 6 in R ==> Vr ord,a < ord), 

4) nR={a€ R| ord,a > 0} is a prime ideal of R, 
5) R={xeK* |Vr ord,zx > 0}U {0}. 


Generalizing, for an arbitrary field K the notion of a valuation v is intro- 
duced as a function v: K* — Z satisfying the conditions 


1) Va,b € K* v(ab) = v(a) + v(d), 
2) Va,be K* v(at+b) > min(v(a), v(d)). 


More often one uses instead of v a multiplicative absolute value: for a fixed 
p,09<p<1 put |z|,.= pr) , [Olo0 = 0. 


Definition. An absolute value | -| of a field K is a real-valued function 
xz ++ |x| with non-negative values, such that 


1) Va,b € K™ |a-b| = jal - d], 
2) Va,be K* |ja+)| < jal + OI, 
3). || == 0 = a0) 


An absolute value is called non—Archimedean iff instead of 2) the following 
stronger inequality is satisfied 


2') Va,be K* |a+b| < max({al, |d]). 


Thus the function |- |, is a non~Archimedean absolute value. An absolute 
value of the type |-|,,. is called a discrete absolute value. An example of such 
an absolute value is given by the p-adic absolute value |a/b|, = p4r-ordra 
(a,b € Z) of the field Q. The usual absolute value |z| of s € Q C R is an 
Archimedean absolute value of Q. 


If |-| is a non-Archimedean absolute value of K, then the subset O = 
{x € K | |x| < 1} is aring with a unique maximal ideal p = {x € K | |z| < 1}. 
Such rings are called valuation rings. For the discrete absolute value |-| = |-|p,0 


corresponding to a valuation v, the notation Ri,) = O, pi.) = p is used, and 
pv) is a principal ideal generated by any 7 € K such that v(7) = 1. 
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Now one can define a divisibility theory on an integral domain R with field 
of fractions K with the help of a family of valuations 5’ = {v} such that the 
following properties are satisfied: 


1) a divides b in R => We DY, v(a) < v(b); 

2) for all a € K* one has v(a) = 0 for all but a finite number of v € 
3) the set Ri.) = {x € K | v(x) => 0} U {0} uniquely determines v; 

4) R= Aver Ry). 


If such a family »’ exists then the group of divisors D = Dy is defined to 
be the free Abelian group with basis 2’. Its elements are written additively 
as finite formal sums }°,k,v,; or multiplicatively [], pri, where only finitely 
many of the k; are non zero. The following homomorphism is defined 


div: K* + D, div(x) = I] ae), 
ved 


This homomorphism is called a divisor map on R. 

The class of rings with a divisibility theory is larger than the class of 
Dedekind rings, and it admits a purely algebraic characterization as the class 
of Krull rings. Notice that in order to construct valuations, not all of the 
prime ideals of the ring are used. If we try to define for a prime ideal p Cc R 
a valuation v by putting for a € R v(a) = min{n > 0 | a € p”}, then we suc- 
ceed only when the localization Ry of R with respect to p is a Noetherian, 
integrally closed ring with a unique maximal ideal, where 


Ry = {x =a/b|a,be Rb ¢ p}. 


The idea of using valuations rather than prime ideals, which arose from 
the study of algebraic numbers, has turned out to be very fruitful in algebraic 
geometry. In turn, developments in algebraic geometry have lead to a number 
of inventions in number theory (cf. Chapters 3 and 4). 

To conclude this section we remark that all absolute values of Q either have 
the form |z|* (0<a<1, |x| being the usual absolute value of x € Q C R), or 
have the form |x|} (a > 0, where |z|p is the p-adic absolute value of x € Q). 
This result is due to Ostrowski cf. Borevich Z.I., Shafarevich I.R. (1985), 
Chevalley C. (1940). 


§3. Local and Global Methods 


3.1. p-adic Numbers. The idea of extending of the field Q appears in alge- 
braic number theory in various different guises. For example, the embedding 
Q c R often gives useful necessary conditions for the existence of solutions 
to Diophantine equations over Q or Z. The important feature of R is its com- 
pleteness: every Cauchy sequence {a,}°~_, in R has a limit a (a sequence is 
called Cauchy if for any € > 0 we have |a;, — Q | < € whenever n and m™ are 
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greater than some large N = N(e)). Also, every element of R is the limit of 
some Cauchy sequence {a,}~—_, with a, € Q. 
An analogous construction exists using the p-adic absolute value | - ® of Q 
(see §2): 
|- lp? Q—> Roo = {2 ER |x 20} 
|a/b|» - Tapes Alm da a Ol, = 0), 


where ord,a is the highest power of p dividing the integer a. This general 
construction of “adjoining the limits of Cauchy sequences” to a field k with 
an absolute value |-| leads to a completion of k. This completion, often denoted 
k, is complete, and contains k as a dense subfield with respect to the extended 
absolute value |-|, Borevich Z.I., Shafarevich I.R. (1985), Koblitz N. (1980). 

As was noted at the end of §2, all absolute values of Q are equivalent either 
to the usual Archimedean absolute value, or to the p-adic absolute value. 
Thus any completion of Q is either R, or Q,, the field of p-adic numbers, i.e. 
the completion of the field of rational numbers Q with respect to the p-adic 
absolute value. Using the embeddings Q — R and Q —> Q,), (for all primes 
p) many arithmetical problem can be simplified. An important example is 
given by the following Minkowski-Hasse theorem Borevich Z.1., Shafarevich 
I.R. (1985), Cassels J.W.S. (1978), Chevalley C. (1940): the equation 


OF 5 95504050) = 0, (3.1) 


given by a quadratic form Q(21,22,...,2n) = Doig QijLiL;j, A; € Q hasa 
non-trivial solution in rational numbers, iff it is non—trivially solvable over 
R and over all Q,. There are very effective tools for finding solutions in Qp. 
These tools are somewhat analogous to those for R such as the “Newton -. 
Raphson algorithm”, which in the p-adic case becomes Hensel’s lemma. 
The simplest way to define the p-adic numbers is to consider expressions 
of the type | 
= Amp™ +amiip™t!+..., (3.2) 


where a; € {0,1,....p—1} are digits to the base p, and m € Z. It is convenient 
to write down a as a sequence of digits, infinite to the left: 


m-—-1 zeros 


(omnes, ; 
= 4 +++Am4idm000...0(p), if m = 0, 
***Q1A9.A—1°**Am(p)s ifm < 0. 


These expressions form a field, in which algebraic operations are executed 
in the same way as for natural numbers n = a9 + ajp+...a,p", written 
as sequences of digits to the base p. Consequently, this field contains all the 
natural numbers and hence all rational numbers. For example, 

p—l 


Vege, Opt Op SOG) Gy), 
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p-—1 


= ag + agp + agp? +--+ = +++ a9a9ao(p). 


For n € N the expression for —n = n- (—1) of type (3.2) is obtained if we 
multiply the above expressions for n and for —1. Generally, for a € Q write 
a=c-— §, wherea,ce Z,b€ N,0 <a <6, i. a/b is a proper fraction. 
Then by an elementary theorem of Euler, p?) — 1 = bu, u € N. Hence 
a au 
ar Ost 


and au < bu = p" —1, r = ¢(b). Now let au be written to the base p as 
Ar—1**+@0(p), then the expression of type (3.2) for a is obtained as the sum 
of the expression for c € N and 


r digits r digits 


a Pet Venetian 
“5 =. 7° AQAr—1 °°" AQAr—1 °° * A0(p)- 

For example, if p = 5, 

9 5 5 - 2232 

ee = 2 0), 6221 

fi 7 a 1 — 56 Cc , a ? Sa) 
so that 

2232 = 324125) =3-5°+2-5°+4-57+1-542, 

thus 


9 AEP. TN 
a 324120324120324122(s5). 


It is easy to verify that the completion of Q with respect to the p-adic 
metric | - |, can be identified with the described field of p-adic expansions 
(3.2), where |a|, = p™ for a as in (3.2) with am 4 0 (see Koblitz N. (1980)). 

It is curious to compare the expansions (3.2) infinite to the left with the 
ordinary expansions of real numbers a € R, infinite to the right: 


= AmAm—1°** A9-A—1 +++ = Am 10™ + am_110- 1 4+---ag +a_110714+---, 


where a; € {0,1,---,9} are digits, a,, # 0. These expansions to any natural 
base lead to the same field R. Also, a given a can possess various expressions of 
this type, e.g. 2.000--- = 1.999.--. However, in the p-adic case the expressions 
(3.2) are uniquely determined by a. This fact provides additional comfort 
when calculating with p-adic numbers. 

The field Q, is a complete metric space with the topology generated by the 
“open discs”: 


Un(r) = {x | je—al<r} (2, a€Qy, 7 >0) 


(or “closed discs” D,(r) = {x | |x — a| <r}). From the topological point of 
view, the sets U,(a) and D,(r) are both open and closed in Qp. 
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An important topological property of Q, is its local compactness: all discs 
of finite radius are compact. The easiest way to show this is to consider any 
sequence {a,},~_, of elements an € D,(r) and to construct a limit point. 
Such a point may be found step-by-step using the p-adic digits (3.2). One 
knows that the number of digits “after the point” is bounded on any finite 
disc. In particular, the disc 


Zp = Do(1) = {2 | |tlp < 1} = {2 = a0 + aip + aap” +--+} 


is a compact topological ring, whose elements are called p-adic integers. Z, is 
the closure of Z in Q,. The ring Zy, is local, i.e. it has only one maximal ideal 
pZ, = Uo(1) with residue field Z,/pZ, = F,. The set of invertible elements 
(units) of Z, is 

ZX = Zy\pLy = {x | |t|p = 1} = {c@ = a9 + apt agp? +--- | ao £ O}. 


For each x € Z, its Teichmiiller representative 


w(x) = lim 2?” 
TL OO 


is defined. This-limit always exists and satisfies the relations: w(x)? = w(x), 
w(x) =x mod pp. For example, if p = 5, we have 


w(1) = 1; 
w(2) =24+1-542-5741-5943-54..-; 
w(3) =343-542-5743-594+1-54+...; 
w(4)=44+4-54+4-5° 44.59 44.544... = -1:; 
w(5) = 0. 
The ring Z, can also be described as the projective limit 
lim Z/p"Z 
of rings A, = Z/p"Z with respect to the homomorphisms yy, : An — An—1 of 
reduction modulo p”~!. The sequence 
‘iol a A A eae en At (3.3) 


forms a projective system indexed by positive integers n > 1. The projective 
limit of the system is defined as a ring 


lim A, 


nm 


with the following universal property: there are uniquely defined projections 


T : lim An — An 
nr 
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such that for an arbitrary ring B and a system of homomorphisms y,, : B > 
A,, compatible with each other under the condition: p,_1 = Yn, for n > 2, 
there exists a unique homomorphism w : B — A such that wy, = try Koblitz 
N. (1980), Serre J.-P. (1970). Note that the uniqueness of A is implied from 
its existence by abstract nonsense. Hence for the ring Zp it suffices to define 
the projections 7, : Zp — Z/p"Z, and to check the universal property using 
digits as in (3.2). 
Analogously, 
Zp = lim(Z/p"Z)”, 


and one can describe the structure of the multiplicative group Q>. 
Put v = 1 for p > 2 and v = 8 for p = 2, and define 
U =U, = {x € Z,|z = 1 mod p”}. 


Then there is an isomorphism U > Z, from the multiplicative group U, to the 
additive group Zp, which is given by combining the natural homomorphism 


U = lim U/U?" 


with the special isomorphisms 
Qpn : U/UP”  Z/p"Z, 
given by 
pn ((1+ p’)*) =a mod p” (a€ Z). (3.4) 


One easily verifies that (3.4) is well defined and gives the desired isomorphism. 
Therefore, the group U is a topological cyclic group, and 1 + p” can be taken 
as its generator. Another proof of this fact is obtained using the power series 


e.@) 2” 
log(1 + 2) = eG ieee 
n=1 


which defines an isomorphism from U onto pZp 
One has the following decompositions 


Q* =p” x ZX, ZX & (Z/p’Z)* x U. (3.5) 


3.2. Applications of p-adic Numbers to Solving Congruences. The first ap- 
pearances of p-adic numbers, in papers by Hensel, were related to the problem 
of finding solutions to congruences modulo p”. An application of this method 
by his student H.Hasse to the theory of quadratic forms has lead to an elegant 
reformulation of this theory, without the use of considerations over the residue 
rings Z/p"Z. These considerations are tiring because of the zero—divisors in 
Z/p"Z. From the above presentation of Z, as the projective limit> 
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lim Z/p"Z 


it follows that for f(z1,...,2%n) € Zp[r1,..., 2], the congruences 
f(a1,.--,2n) = 0(mod p”) 
are solvable for all n > 1 iff the equation 


Fl Diy sted) = 0) 


is solvable in p-adic integers. Solutions in Z, can be obtained using the fol- 
0) 


lowing p-adic version of the “Newton - Raphson algorithm”. 


Hensel’s Lemma. Let f(x) € Z,[zx] be a polynomial in one variable x, 
f'(x) € Z,[x] its formal derivative, and suppose that for some ag € Zp the 
initial condition 


If (a0)/f'(a0)"lp < 1. (3.6) 


1s satisfied. 
Then there exists a unique a € Z, such that 


f(a) =0, |a—apo| <1. 


We prove this by induction using the sequence of “successive approxima- 


tions” : 

f (An—1) 
f!'(Qn—1) 
Taking into account the formal Taylor expansion of f(z) at x = Qn_1 one 
shows that this sequence is Cauchy, and its limit @ has all the desired prop- 
erties (cf. Lang S. (1952), Cassels J.W.S., Frohlich A. eds. (1967), Borevich 
Z.1., Shafarevich I.R. (1985), Serre J.-P. (1970)). 

For example, if f(x) = x?~! — 1, then any ap € {1,2,...,p—1} satisfies 
the condition | f(ao)|> < 1 At the same time f’(ao) = (p—1)ab~* #0 mod p, 
hence ‘the initial condition (3.6) is satisfied. The root a@ coincides then with 
the uniquely defined Teichmiiller representative of ag: @ = w(ao). 

The method described is applicable to polynomials in many variables, al- 
though for more than one variable the p-adic solution is not unique Lang S. 
(1952), Borevich Z.I., Shafarevich I.R. (1985), Koblitz N. (1980), Serre J.-P. 
(1970). 

Another interesting application of Hensel’s Lemma is related to describing 
the squares of the field Q,: for an arbitrary 


An = An-1 — 


a=p™-v € Q® (mEeZ, vEZ), 
the property that a@ is a square is equivalent to saying that 


“)Tt was stated in this form first by S. Lang (S. Lang 1952, 1954). 
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a) for p> 2,m€ 2Z, and ¥ =vmod peé€ (Z/pZ)*? (ie. (2) = 1, where 


p 
(2) is the Legendre symbol (see 1.1.5, part I)); 
b) for p=2,me€é2Zandv=1mod 8. 
The solvability of x? = a in Q, under conditions a) and b) is implied 
by Hensel’s Lemma, and the necessity of these conditions is deduced more 


trivially from considerations modulo p and modulo 8. 
As a corollary we give the following description of the quotient group 


Qx /Q>5? 
a) for p > 2 it is isomorphic to Z/2Z x Z/2Z with the system of coset 
representatives {1, p, v.pu}, (2 Sle 


b) for p = 2 it is isomorphic to Z/2Z x Z/2Z x Z/2Z with the system of 
coset representatives {+1,+5,+2,+10}. 


3.3. The Hilbert Symbol. In this subsection we allow p = oo, in which case 
we write Q,, for the field of real numbers R. The Hilbert symbol (or norm 


residue symbol) 
a,b a,b 
a,b)={ > }={—]|=(a,b 
ae ey a, orn 


is defined for a,b € QD by 


(a,b) = 1, if the form az? + by? — z? has a non-trivial solution in Q,; 
—1, otherwise. 


It is clear that (a,b) depends only on a and b modulo squares. There is a 
asymmetric form of the definition, namely (a, b) = 1 iff 


a = z” — by” for some y, z € Qs. (3.7) 


Indeed, from (3.7) it follows that (1, y, z) is a non-trivial zero of the quadratic 
form az” + by? — z?. Conversely, if (x0, yo, zo) is a non-trivial zero, then one 
can obtain all other zeros using a geometric trick in which one draws secants 
from the point (zo, yo, Zo) in all directions given by vectors with coordinates 
in Q, (see part I, 1.2.3). Using this method we may reduce to the case ro F 0. 
Then (yo/Zo, 20/Zo0) satisfies (3.7). 


Local properties of the Hilbert symbol: 


' (a, b) = (0, a); (3.8a) 
b) 

(a1a2,b) = (a1,0)(a2,b), (a,b1b2) = (a, b1)(a, ba); (3.8b) 
" if (a,b) = 1 for all b, thenaeé Q*?; (3.8c) 


(a, —a) = 1 for all a; (3.8d) 
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if p £ 2,00 and |a|, = |b|, = 1, then (a,b) = 1. (3.8e) 


In particular for a fixed b, the a for which (a,b) = 1 form a multiplica- 
tive group. Equation (3.7) expresses the fact that a is a norm from the 
quadratic extension Q,(Vb)/Q, (cf. Borevich Z.I., Shafarevich I.R. (1985), 
Cassels J.W.S. (1978), Chevalley C. (1940), Serre J.-P. (1970)). 

A calculation of the Hilbert symbol makes it possible to solve completely 
the “global” question on the existence of non-trivial rational zeros of quadratic 


forms (in view of the Minkowski-Hasse theorem). If, say 
Q(x, y,z) = ax? + by? + cz” (a,b,c € Q, c¥ 0), (3.9) 


then (3.9) has a non-trivial zero over Q iff (—a/c, —b/c)p = 1 for all p including 
p = oo. This criterion is very effective because for almost all p we have |a|, = 
|b|> = 1, whence (a, b), = 1 for p 4 2, oo in view of (3.8e). We give a table of 
the values of (a, b),: 


Table 10. The Hilbert symbol for p > 2. 
Here v denotes an element v € Z such that 
" = —1, and e = 1 iff -1 € Q*’ 
(i.e. iff p= 1 mod 4). Otherwise ¢ = —1 


| *4a* FF | 


A global property of the Hilbert symbol (the product formula). Let a,b € Q*. 
Then (a,b), = 1 for almost all p and 


Tl @5p=1 (3.10) 


p including oo 


Formula (3.10) is equivalent to the quadratic reciprocity law (see part I, 1.1.5). 
Indeed, by (3.8e) one has |a|, = |b|, = 1 for all but a finite number of p, hence 
(a,b)» = 1 for p 4 2,00 in view of (3.8e). Denote the left hand side of (3.10) 
by f(a, b), then by (3.8b) one has 


f (@1a2, b) = f(a, b) f (aa, b), 
f(a, bib) = f(a, b1) f(a, be), 
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and one verifies that f(a,b) = 1 when a and b run through the set of generators 
of the group Q”: 


—1, 2, —q an odd prime. 


Table 11. The Hilbert symbol for p = 2 


b 


In what follows we shall need an analogous product formula for the nor- 
malized absolute values | - |p. 


The product formula for absolute values. Let a € Q*. Then |a|, = 1 for all 
but a finite number of p, and 


TE leet (3.11) 


p including oo 


Indeed, if a € Q*, then 
= + I] prr's) 


PHFOO 
where v,(a) € Z and v,(a) for all but a finite number of p. The product 
formula now follows from the identities: 


jalp =p? (for p # 00), 


\Qloo = I] preta), 


poo 


In 3.6 we discuss the global properties of absolute values in more detail. 
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3.4. Algebraic Extensions of Qy, and the Tate Field. If K is a finite al- 
gebraic extension of Q, then K is generated over Q, by some primitive ele- 
ment a € K. The element a is a root of an irreducible polynomial of degree 
d= [ik Qp], 

f(x) = 2? +.ag_124! 4+... +.ap € Q,[z]. 


The absolute value | - |, has a unique extension to K defined by 


Alp = (INx oe, (B)|p)*/4, (3.12) 


where Nx /gQ,(G) € Q, is the algebraic norm of the element 6 € K. Formula 
(3.12) defines a unique extension of | - |, to the algebraic closure Q, of Qp. 
The uniqueness of this extension can easily be deduced from the local com- 
pactness of K as a finite-dimensional Q,-vector space: all of its norms over 
Q, are equivalent (the same thing happens for R”). It then follows from the 
multiplicativity of absolute values that any two must coincide. 

The function ord, can then also be extended to Q, by setting ord,pa = 
log, |@|p. Formula (3.12) implies that ord, K™ is an additive subgroup of 4Z. 


Hence ord, K* = 1Z for some positive integer e dividing d. We shall call e 
the ramification index of the extension K/Q,. 
Put 
On ={xeEK|\z|,>< 1}, pr ={zeEK||z|p <1}. (3.13) 


Then px is the maximal ideal in Ox and the residue field Ox /px is a finite 
extension of degree f of F,. One has the relation d = e- f, in which f is 
called the inertial degree of the extension. For each x € Ox its Teichmuller 
representative is defined by 


w(x) = lim Pl” w(x) = x(mod px), (3.14) 


and satisfies the equation 
w(x)?” = (2). 


The map w provides a homomorphism from the group of invertible elements 
On =Ox\pe ={re K||z|p =1} 


of Ox onto the group of roots of unity of degree p/ — 1 in K, denoted by 
Ups —1- One also has an isomorphism 


(Ox/pK)* 7 Ups—1 C OF. (3.15) 


The structure of the multiplicative group K* can be described analogously 
o (3.5): if [K : Q,] =d, then 


K* =n" x OL, Of = (Ox/px)* x Ux, (3.16) 


where 7 is a generator of the principal ideal px = m7Ox (i.e. any element 
a € K* with ordpz = 1/e), 
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Ux = {x € Of ||z -1|p < 1} = Di (17; K). 


The structure of the group Ux is then described as a direct product of d copies 
of the additive group Z, and a finite group consisting of all p-power roots of 
unity contained in K. 


Example. If e = 1 then the extension K is called unramified. In this case 
f =d and the Teichmiiller representatives generate K over Q,. Therefore 


KG," ),. Nap? a1, 


On the other hand, if e = d then the extension K is called totally ramified. For 
example, if ¢ is a primitive root of unity of degree p”, then Q,(C) is totally 
ramified of degree d = p™ — p”—!, and we have that 


1 
ord,(¢ = 1) = pr — pri 


(3.17) 
The Tate Field. For purposes of analysis it is convenient to embed Q, into 


a bigger field, which is complete both in the topological and in the algebraic 
sense. This field is constructed as the completion Cp = Q, of an algebraic 
closure Q, of Q, with respect to the unique absolute value satisfying the 
condition |p|, = +. The proof that C, is algebraically closed is not difficult. 


We shall use ie notation 
Op = {x €C,||elp <1}, p= {xe C,||z|p < 1}. 


Note that the O, and p are no longer compact, so the field C, is not locally 


compact. We also have that O,/p = F, is an algebraic closure of Fp. 


3.5. Normalized Absolute Values. If F is a locally compact field, then its 
topology can by given by an absolute value. This fact is deduced from the 
existence of a Haar measure p on a locally compact group G, i.e. a measure 
invariant under group shifts © + gx (z,g € G): 


[ f(x) du(e) = é f(x) du(gz) = [ flg712) du(z) 


for all integrable functions f : G — R. This measure is defined uniquely up to 
a multiplicative constant. However, we do not need a general construction of 
du (Weil A. (1940)), and we point out only some concrete examples. 

If G = R (the additive group) then du(x) = dx (Lebesgue measure), and 
d(x +a)=dz,a€R. If G = R* (the multiplicative group), then du = oe 

IfG=C,z=r+i1ye€C, then du = dzdy. 

If K/Q, is an extension of degree d, and g = p’ is the number of elements 
of the residue field Ox /px, then the measure dy on the additive group K 
is uniquely determined by the number J6, du = p(Ox) = c > 0; one has 


u(a+ pr) = cq, because the measures of all of the sets a+ px are equal 
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and Ox = Uamod px (a+ px). More generally, for all n € Z and a € K one 
has 


wWa+ Pe) = cq”. (3.18) 
Any measure dy on the additive group of a locally compact field F’ defines 
an absolute value || - || : F — R>o: for a € F* the number |lal| is defined as 


the multiple, by which the two Haar measures du(x) and du(ax) on F differ: 


ua) = |lal|u(U), (3.19) 


where U is an open subset of positive measure, u(U) = f,, du(x). The multi- 
plicativity property 


|B || = lal - 14l| (a, 8 € F*) (3.20) 


follows immediately from definition (3.19). If the topology of F is non-discrete, 
i.e. not all subsets are open, then one verifies, that discs of finite radius 
Di(r) = {x € F | ||z — || < r} are compact, and the function || - || is 
continuous. Hence this function is bounded on such discs. In particular, 


1 tall <C for fla) <1 (3.21) 
for a positive constant C > 1. From (3.21) it follows that 
Va,8€F lla + pl| < Cmax(|lal, ll) (3.22) 


which is weaker than that in the definition of an absolute value from §2. These 
functions are called generalized absolute values. If for example F = C, and 
U={z=atiyeC| |z| = 1}, then u(w) = |w|?u(U), where |w|? = ww, 
and (3.22) is satisfied with C = 4. However, if for all n € N one has ||n|| < 1, 
then C = 1, so that || - || is a non—Archimedean absolute value. 

In particular, for an extension K/Q, with [K : Q,| =d put 


U=Oxrn, a=n™v (m €Z,v € O;), 


where 7 is a uniformizing element, py = (a). We have |la|| = q~™ = p-/™. 
Since p = 7°u for some u € OF, we obtain 


lll = u(POx)/w(Ox) = |Ox/pOx|* =p*. 


This proves the formula d = e- f. 


3.6. Places of Number Fields and the Product Formula. We shall call two 
(generalized) absolute values || - ||, and || - |l2 of a field F equivalent if ||x||, = 
\|z||$ for all 2 € F and for a constant c > 0. A class of equivalent absolute 
values is called a place of F, and it will be denoted by v. The symbol F, 
denotes the corresponding completion (with respect to one of the equivalent 
absolute values in v). 
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The theorem of Ostrowski (see §2) says that every place of Q is either v = p 
(p a prime), or v = oo. If the place v is non—Archimedean, then we let the same 
symbol v denote the valuation of F normalized by the condition v(F™ ) = Z. 

We list places of finite extensions F of Q. To do this we construct all 
possible extensions to F of absolute values on Q, since the restriction to Q of 
any absolute value on F’ is an absolute value of Q. More generally, let F'/k 
be a finite separable extension of k with an absolute value | - |,, (for example, 
k = Qand v = por v= 00); f(z) € k[z] the irreducible polynomial of degree 
n =([F : k] of a primitive element a@ for F over k, and let 


F(z) =|] as) (9s() € He) (3.23) 


be the decomposition of f(x) into polynomials irreducible over L, where L = 
ky is the completion of k with respect to v. 
In view of the theorem on tensor products of fields (see 2.1.3), there is a 
ring isomorphism Ze 
Fe,L=|[L;, (3.24) 
j=l 
where L; = L{z]/(g;(z)) is the finite extension of ZL containing F via A; : 
In 3.3.4 we saw that there exists a unique absolute value on L; extending 
|- |, from DL = ky, where it is canonically defined as on the completion. Let 


us denote this extended absolute value on L; by the same symbol |.- |, and 
define an absolute value | -|,,; on F using the embedding A; by putting 


Blv.g = |Aj(2)|v- (3.25) 


It is not difficult to verify that all the |-|,,; are different, and that they are the 
only extensions of |-|, from k to F, such that (3.24) becomes an isomorphism 
of topological rings. Thus there are no more than n = [F' : k] extensions of 
an absolute value |- |, of k to F’. These extensions are described explicitly by 
(3.25), assuming one knows the decomposition (3.23). Formula (3.12) shows 


that 
IA; (2) Io =" \V IN /L05 (B))lo, 


where n,; = [L; : L] = degg;(x) is the local degree. 
To obtain the normalized absolute value || - ||,,; we put for G € F” 


Wllus = (Nz; /L0g(8))Iv- 
Then for all @ € F* one has: 


[] WGllo.5 = [Nee (Io. (3.26) 
j=l 


This follows from N/x(8) = []j21 Nz,/1(A;(8)) in view of 1.3. 
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Product Formula for Normalized Absolute Values. Let k/Q be a finite ex- 
tension, a € k*, and let |-|,, run through the normalized absolute values of 
k. Then |a|, = 1 for all but a finite number of v, and the following product 
formula holds 


[lel =1. (3.27) 


This is easily deduced from formula (3.26), in which we put k/Q instead of 
F/k and notice that Nz/g(a) € Q%. It then suffices to apply the already 
proven product formula for Q, see (3.11). 


Global Fields. We use the term “global field” to refer to either a finite 
extension of Q (an algebraic number fields) or a finite, separable extension of 
F,(t), where F, is the field with g elements and t is a (transcendental) variable 
(a function field with positive characteristic) Artin E., Whaples J. (1945), 
Artin E., Tate J. (1951), Borel A., Casselman (1979), Weil A. (1974a). 

In every global field there is a product formula and a similar classification 
of the normalized absolute values. Many problems concerning integers have 
natural analogies in function fields. These analogies can sometimes be more 
successfully treated using methods of algebraic geometry, and they provide 
a rich source of intuition for the number field case (see §5 of Chap.2, §2 of 
Chap.3 and §5 of Chap.4). | 


3.7. Adeles and Ideles. In arithmetical questions the ring Z is often con- 
sidered as a lattice in R, i.e. a discrete subgroup of the additive group of the 
locally compact field R with compact quotient group R/Z, the quotient being 
isomorphic to a circle. It turns out, that for a global field k one can canonically 
construct the “smallest” locally compact ring A,, containing k as a lattice. 
This means that k is a discrete subring in A, with compact additive quotient 
group A;/k. The ring A,, which is called the ring of adeles is constructed 
using all the embeddings k ~ k,, where v runs through the set X' = 
of all places of k. One defines Ay to be the subring of the product [],¢5 ky 
consisting of all infinite vectors a = {Qy)yex, Ay € ky such that ay € Oy 
for all but a finite number of v. In view of 3.6 the number of Archimedean 
places does not exceed n = [k : Q]. Hence all but a finite number of places 
are non—Archimedean, and the compact subring O, C k, is defined to be the 
valuation ring of v: 


me= fate Th 


ves 


Qy € O, for all but a finite number of ob 


(3.28) 
One gives A; the topology generated by the open subsets of the type 


Ws =|] wx [[. (3.29) 


ves vEeS 
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where S runs through all finite subsets S C 2’, and W, are open subsets in k,. 
The set Wg is compact (has compact closure) if all the W, are bounded. Hence 
A; is a locally compact topological ring in which k is embedded diagonally . 


k Dar (-++,a,Q,-°+)yes € Ap C [] & 
vey 


(note that in view of 3.6 |a|,, = 1 for all but a finite number of v € 2). It is 
interesting to note that the product [],,<5 ky is too big to be locally compact: 
by definition of the product topology, the projection of any open subset U C 
The ys ky onto k, coincides with k, for almost all v, thus U would never be 
compact having non-compact image under a continuous map (projection). 
The above construction of A, is called the restricted topological product of the 
topological spaces k,, with respect to the compact subspaces ©, defined for 
all but a finite number of indices v. The convergence of a sequence {a}°2,, 
On = (Qy.n)y € Ax to 6 = (B,) € Ax means that for any e > 0 and any finite 
set S Cc +’ there exist N € N such that 


1) Vn > N Vu € S Any — By € Ov, 
2) Vn > N Vue S lans — Buly < €. 
Every principal adele a, i.e. 
Q@=(---,Q,a,--:)y EK C Ax (3.30) 


can be separated from the rest of k by a neighborhood of type (3.29) with 
S={ve|a¢ O,}. Hence k is discrete in Ay. The compactness of the 
quotient group A; /k has an explanation via the Pontryagin duality theory of 
locally compact commutative topological groups: A;/k is isomorphic to the 
group k of all characters of k. Recall that for a locally compact group G its 
group of continuous characters 


G = Homgontin(G, 5’) (3.31) 


(where St = {z € C% | |z| = 1}) is again a locally compact group in the 
natural topology of the character group; one always has G*” = G, and for 
any exact sequence 

1—G,- G—->G.->> 1 


with continuous homomorphisms, the dual sequence for characters is exact: 
ee oes Cary Cees, 


By the association G t> G , finite groups remain finite; discrete groups become 
compact groups (and conversely), and for a connected group G its dual G is 
torsion free. If H C G is a closed subgroup, then its annihilator 


Ht = {x e@|x(H)= 1} (3.32) 


is isomorphic to (G/H)*. 
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In the simplest example Z C R one has Z* © S', S!4 = Z, and the 
group R is self-dual: R“ & R (the number t € R corresponds to the character 
(x > e?72t) so that Z+ & Z. 

One can verify that the additive group Ax is self dual, and a € Ax, corre- 
sponds to the character (3 + x(a)) € Ax, where yx is a non-trivial additive 
character of A, satisfying y(k) = 1, so that k & k+ = (A,/k)*. 

Consider in detail the case k = Q, and the ring A = Ag. For a = (ay), € A 
the fractional parts {a,} are defined (for v = p one uses the p-adic expansion 
(3.2) to define {a,} = a_yp7' +--+ +amp™ for m < 0). Then for all but a 
finite number of v we have that {ay} = 0, and {a} = }/,.4..{Qv} is a rational 
number. The character y can be defined by the formula 


B ++ exp(—27i{Boo})- |] exp(2mi{G,}), (3.33) 


VA#OCO 


and for each GB € Q” one has y(@) = 1. 
For each component v the character x, : Q* — S! is defined by 


Xv(B) = exp(272{G}) 


(GB € Q,), which provides the self-duality of the locally compact field Q, 
(v = p, co) in a similar way: an element t € Q, corresponds to the character 
Lt Xy(tx). This also gives us a description of the quotient group 


A/Q = R/Z x |] Zp, (3.34) 


which is easily seen by subtracting from an adele a its fractional part 


{a}= J {a} eQ (3.35) 


vA#COo 


The quotient group A/Q is compact by the theorem of A.N.Tychonov on 
products of compact spaces. For a number field k it is useful to consider the 
isomorphism of topological rings 


A, &k@ Ag, (3.36) 


which implies an isomorphism of additive groups Att) a ayy where 
n = [k : Q], and also statements on the discreteness of k is A, and on the 
compactness of the quotient group A;/k. One verifies easily that an analogous 
isomorphism takes place for an arbitrary extension of global fields F'/k: 


Apr = F @x Ag. (3.37) 


The Idele Group, cf. Chevalley C. (1940), Weil A. (1974a). The set of all 
invertible elements of a ring R forms a multiplicative group R*. If R is topo- 
logical, the topology on R% is defined by means of the embedding z +> (z, x~+) 
(R — Rx R) so that. the inversion map x +> x7! is continuous. The idele 
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group J, of a global field k is the topological group Af of invertible elements 
of the ring A;. The group J; coincides with the restricted topological product 
of the locally compact groups k7 with respect to the compact subgroups O 
defined for non—Archimedean places v € J. 


3.8. The Geometry of Adeles and Ideles. The embedding of k into its ring of 
adeles Ay is reminiscent of the geometric interpretation of the ring of integers 
O = O; of k as a lattice in the R-algebra 


ko =kK@RY | [YR xC™?, A:OG key. (3.38) 


v|oo 


This analogy goes much further. Consider a Haar measure p on the locally 
compact additive group A,; this measure can be defined on the open subsets 
Ws of type (3.29) by 


p(Ws) = |] w(W), (3.39) 
ves 


where j,(O,) = 1 for v / 00 (ie. for non—Archimedean v); for Archimedean 
places one normalizes the measure as follows: 


_ J dx (Lebesgue measure) if k, =R, 
Ee 2dx dy = |dz A dz| ifz=xr+tiyek, SC. 


If GB = (Gy) € Jy is an idele, then its module is defined to be the multi- 


plicative constant |G], by which the Haar measures p(x) and u(Gxr) on A, 
differ: 


(Bx) = |B] - u(z). (3.40) 


It follows from the description (3.39) of uw that || = [],, |Gulv, where | - |» 
is the normalized absolute value from the class of a place v € 3, which for 
Archimedean places is given by the following: 


belie |x| (the usual absolute value) if k, & R, 
amen oe | ifz=xr+iyEek, =C. 


On the compact quotient group A;/k we define a measure pp by means 
of a general notion of fundamental domain: if I" is a discrete subgroup of a 
locally compact group G, then a fundamental domain X for G modulo I is 
a complete set of coset representatives for (left) cosets G/I’, which has some 
additional measurability properties. By restricting the Haar measure a of G 
onto the subset X, one obtains a uniquely defined measure on G/T’, which is 
denoted by the same letter, and a(G/I°) = a(X). 

In order to construct a fundamental domain X for A;/k we choose a Z- 
basis w1,-::,W,, of the free Abelian group © C k of algebraic integers in k. 
This is also a basis of the vector space k, =k ®R over R, and it defines an 
isomorphism @ : R™ + kg by the formula 
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O((u1,---;Un)) = SS uiwi. 
i=1 


Denote by J the interval 0 < t.< 1 in R. Then 6(J”) is a fundamental paral- 
lelogram for the lattice O in k., (see 1.3). Now take X to be the set 


MOT pe Os (3.41) 
ufo 


(a fundamental domain for k in A;). To prove that X is a fundamental do- 
main, we note that k,. +k is dense in Ay. This statement is known as the 
approximation theorem and it is a version of the Chinese remainder theorem 
(see part I, 1.1.5). Moreover, k.. x [],, Oy is an open subgroup in Ax, hence 
for any x € Ax there exists 7 € k such that 


z—1 € ko x [| Or. 


The condition that another element 7’ € k has the same property is equivalent 
to saying that 7— 17’ € O, for all non—Archimedean places v, i.e. that n — 17’ € 
O,. Thus by an appropriate choice of n we may assume that the y.o-coordinate 
of y = z—7 belongs to 6(1”); therefore y.. = O(u), u € I”, where u is uniquely 
determined. This establishes the statement. 

The first application of the measure constructed on A;,/k is a simple proof 
of the product formula (3.27): if @ € k* C J, is a principal idele, then 
Gk* =k* in Jy, and multiplication by G6 defines a homeomorphism of A;/k 
with itself, hence the Haar measures u(x) and (Bx) on A;/k must coincide, 
i.e. by (3.40) we see that 


a1 = [] ole = Oe 


Let us calculate the measure p(A;/k). The form of the fundamental do- 
main X constructed reduces this calculation to the problem of determining 
the volume of the fundamental parallelogram 6(J") in k.. This volume was 
already found in 2.1.3 (1.7). We obtain 


(Ax /k) = |Dz|'/, (3.42) 


where D;, = det (Tr(w,w;)) is the discriminant of k. Here we have taken into 
account that the measure |]... Hy On Koo differs by a multiple of 2 from the 
Lebesgue measure on those components v such that k, = C, when 


d piy(z) = 2dx dy = |dz Adz| forz=x+iyEek, SC. 


Consider the constant 


C= (2) V|Dxl, - (3.43) 
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This number is important for finding non-zero points 6 in the lattice k C Ax 
belonging to a parallelotope, i.e. to a set of the form 


Vic) = {x = (Zy)y € Ag | Vu € Ly [tyly < cy}, (3.44) 


such that c = (c,) is an infinite tuple of positive constants defined for the 
places v of k, all but a finite number of which are 1. 


Lemma (Blichfeldt) Assume that for the numbers c, we have that 
2\7? —— 
[Ie C= (=) |Dx|. 


Then there exist B E k™* NV(c) C Ag. 


Proof. Consider the auxiliary parallelotope V(c’), c' = (cj,)y, vu € &’, where 


C= Cp if v is non-Archimedean 
CG, == G)/2;, ibky:=R 
G=%/4, ifz=rct+iyek, =C. 


Then one can calculate the measure of V(c’): 
T\ 72 
w(V(c)) = ($F) [J ev > Vidal. 


In other words, the measure of V(c’) is bigger than that of the fundamental 
domain for A; /k, hence there exist two distinct points y and y’ € V(c’) whose 
images modulo k coincide, i.e. y—y’ € k*. We obtain for the number 6 = y—y’ 
the following estimates: 


max(|Yoly,|y,lvu) < cy ‘if v is non-Archimedean, 
Blu S 4 2max(lylv, [Yulo) Sc ifky SR, 
4max(|yy|v, [Yalv) if z =xr+1ye ky = C, 


proving the lemma. 


We now turn our attention to the structure of the idele group. Consider the 
homomorphism |-|, : J, — R{, which takes y = (yy)y € Jz to |y| = [], lyule: 
Denote by Jj its kernel, then hs is a closed subgroup, and in view of the 
product formula (3.27) we have that k* C Jj. The following theorem is one 
of the most important facts in algebraic number theory. 


Theorem. The quotient group Ji /k* is compact. 


The proof relies on Blichfeldt’s lemma, and is very similar to the proof of 
Dirichlet’s unit theorem, and the deduction of the latter from Minkowski’s 
lemma. One can show that this theorem is equivalent to the conjunction of 
Dirichlet’s unit theorem and the finiteness of the ideal class group (see 2.1.6 
and 2.2.2). These two statements can be easily deduced from the above theo- 
rem as follows: | 
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The Divisor Map. Let I, be the group of fractional ideals (divisors), i.e. 
the free Abelian group generated by the set of non—Archimedean places of k. 
Define 


div: J, —> Ig, div((zy)) = }— v(ay) -v, (3.45) 
vfoo 

where v denotes as agreed above the valuation of k normalized by the condition 
u(k*) = Z. Note that div(J;,) = J,, and that changing only the Archimedean 
component Zoo = (Ly)vJoo Of an idele x does not change div(zx). Note also 
that div(k*) = P, is the subgroup of principal ideals in the discrete group 
I,. Hence we have a continuous epimorphism div : Ji /kX +> I, /Py = Cl, 
of a compact group onto a discrete group. The image is both compact and 
discrete, and is therefore finite. | 


The Logarithmic Map and S-Units. Let S C 2 be a finite set of places 
containing the set ’,. of all Archimedean places. The set of elements 7 € k* 
satisfying |n|, = 1 for all v ¢ S forms a multiplicative group, which is denoted 
by Es and is called the group of S-units. 


Theorem on S-Units. The group Eg is the direct sum of a finite cyclic 
group and a free Abelian group of rank s—1, where s = Card S is the number 
of places in S (see Lang S. (1970)). 


The proof of this theorem is similar to that of Dirichlet’s unit theorem (see 
2.1.4). One considers the logarithmic map 


, R®---@R 
ee a (3.46) 


s times 


(where R is the additive group of real numbers), defined by 


l((ty)w) = € --, log Zelws .* ‘ves: 


This map is continuous, and its image contains a basis of the vector space R* 
(if S = 3’, then | is an epimorphism). 

With the help of (3.45) and (3.46) it is not difficult to describe fundamental 
domains for k* in J, and J; (see Weil A. (1974a), pp.137-139]). One can 
calculate the volume 7(J}/k*) with respect to the Haar measure ¥ on Jj /k*. 
We normalize the measure ¥ by using the decomposition: 


Ik = IE[k~ xR, YS (5 x = (3.47) 


in which 
= I] Yu 
Vv 


is the Haar measure on J;, normalized as follows: 
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Vv(O7) = 1 if v is non-Archimedean, 
dyy(x) = |x|~1dx if k, &R, 
dyy(z) = |zz|""|dz Adz|=2drdy ifz=x+iyek, XC. 


Then the following formula holds: 


¥( J, /k*) = i a = Kk, (3.48) 


where h = |Cl,| is the class number of k; Ry is the regulator, and w = wy is 
the number of roots of unity in k, see 2.1.3. This formula means that for any 
positive number m > 1 in R the subset C(m) of J,/k”* defined by C(m) = 
{x € J, /k* | 1 < |x| < m} has measure 


y(C'(m)) = Kz logm. (3.49) 


The quantities R = R,, h = hy and D = D, turn out to be the most impor- 
tant constants characterizing a number field k. These quantities occur together 
in formulae (3.48) and (3.49) for the volumes of fundamental domains, and are 
not independent. According to a deep result of Brauer and Siegel (see Lang S. 
(1970), Lang S. (1983)) one knows that for a sequence of number fields k,, of 
degrees nm = [km : Q] satisfying the condition n/ log |D,,,| — 0 as m — oo, 
the following asymptotic relation holds 


Log (Ikm * Rim) ~ 1o8(|Dkm |)". (3.50) 
The idele class group 
CreJduik* 


plays a key role in classifying the Abelian extensions of k (class field theory), 
see §4, 


If k = Q then there are isomorphisms 


Jq/Q* = RX x [] ZX, (3.51) 
p 


Jg/Q* = | [ ZX, (3.52) 
p 


which are easily established by dividing an idele a € Jg by its (multiplicative) 
divisor div(a) = [], p’?(%»), which in this situation turns out to be a positive 
rational number. As a result one obtains the element a - sign(a..) - div(a)7}, 
which belongs to the right hand side of (3.51). 
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4.1. Abelian Extensions of the Field of Rational Numbers (Artin E., Tate 
J. (1951), Chevalley C. (1940), Weil A. (1974a)). One of the central objects 
of algebraic number theory is the full Galois group G = G(Q/Q) of Q over Q, 
together with its subgroups H C G of finite index, which correspond to finite 
extensions k of Q: 
H = G, = G(Q/k) CG. 


From the topological point of view G is a compact, totally disconnected group, 
with the topology of a profinite group (the projective limit of its finite quotient 
groups): 
G = lim G/G, = lim G(k/Q), 
k k 


where Gy are subgroups which are both closed and open, as they correspond 
to finite Galois extensions (k/Q). 

Class field theory provides a purely arithmetical description of the maximal 
Abelian (Hausdorff) quotient group Gab = G;,/G%, where Gf is the closure 
of the commutator subgroup of G;,. Moreover, one has this description both 
for algebraic number fields and for function fields (global fields of positive 
characteristic). One form of this description of G?> is given by a calculation 
of all characters (one-dimensional complex representations) of the full Galois 
group Gk. 

The topological structure of infinite Galois groups is similar to that of lo- 
cally compact analytic Lie groups over p-adic fields such as SLn(Q,), Sp, (Qp) 
etc. The use of analytic methods such as the representation theory of Lie 
groups and Lie algebras, has developed drastically in recent decades. These 
techniques are related to non—commutative generalizations of class field the- 
ory (see §5 of Chap. 4). We first describe the group Ge starting from the 
Kronecker-Weber theorem which says that every Abelian extension k of Q 
(i.e.,an extension whose Galois group G(k/Q) is Abelian) is contained in a 
cyclotomic field Km = Q(¢m), where Cm is a primitive root of unity of degree 
m (see 2.1.2). There is an isomorphism 


thm: (Z/mZ)* —+ Gm = G(Km/Q), (4.1) 


which associates to a residue class a (mod m) € (Z/mZ)*, (a,m) = 1 an 
automorphism o = 0g = Wm(a) € Gm given by the condition ¢°, = ¢7,. The 
arithmetical isomorphism (4.1) makes it possible to regard Dirichlet characters 
x : (Z/mZ)* — C* as one-dimensional representations 


py 1 G25G 2 2(Z/mZ)* XC, (4.2) 


where G—5G,,, is the natural homomorphism restricting the action of the 
Galois automorphisms to the subfield Km; py = X ° m ° Tm. Hence each 
character p : G — C” has the form p = p, for some x. For example a quadratic 
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extension k = Q(/d) is contained in the cyclotomic extension Q(¢\p}), where 
D is the discriminant of k. This is easily shown using Gauss sums: for the 
quadratic character yx = yz of k we have G(x)? = D. Hence G(x) = +VD € 
Kp. Recall that x is a primitive quadratic character modulo |D| which is 
uniquely determined by the condition x(—1) = sign D. The field k corresponds 
by Galois theory to the subgroup Ker p C G(K)p)/Q) of index 2, p = py,. 

By the Kronecker-Weber theorem, the maximal Abelian extension Q?" can 
be described as the union of all K,,, and its Galois group coincides with the 
projective limit of the groups G,, = (Z/mZ)*, that is 


G?? = lim(Z/mZ)™, 


m 


where the limit is taken over the system of natural projection homomorphisms 
(Z/mZ)™" — (Z/m2Z)™ 


for m_ dividing m,. Hence the group G®° coincides with the group I], 2 
of invertible elements of the ee Z= Il, Zy (the profinite completion of the 
ring of integers). 

A more invariant formulation of this isomorphism is based on the introduc- 
tion of the ring of adeles A and its multiplicative group J = A%*, the ideles of 
Q (see 2.3.7 and 2.3.8). The group J consists of all infinite vectors 


= (Ao0} 2, A3,.--,Qp,..-) € R* x [[ o, 
p 


such that a, € Z> for all but a finite number of p. The quotient A*/U; is 
discrete. According to (3.51) we have 


J/Q* = RX x [] 2x, 
Pp 


where R% is the multiplicative group of all positive real numbers. 
The group G®° is therefore isomorphic to the quotient of J/Q by the con- 
nected component of 1: 


Geb = J [ZX & J/REQ™. (4.3) 
: | 


The important feature of this isomorphism is that the elements.of G,,, and 
hence of G®>, have an arithmetical nature; they correspond to prime numbers. 
Namely, a prime p not dividing m corresponds to its Frobenius element o = 
On: Gmt> CP. The set of all primes corresponding to a fixed element 0 € Gm 
is infinite by Dirichlet’s theorem on primes in arithmetical progressions. ‘This 
set coincides with the set of primes of type p = a+km (k € Z), where 
o = m(a). The automorphism a is called the Frobenius automorphism (and 
denoted Fr,) for the following reason: if we consider the ring Om = Z[¢m] of all 
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integers in K,, then in the reduction Om/pOm we have Fr,(r) = x”, ie. Fry 
acts as the Frobenius automorphism. The way that p splits into prime ideals 
in O,,, depends only on the image of p in the Galois group G,, © (Z/mZ)”* 
(see 2.1.2). The idea of associating a Galois automorphism to a prime number 
(or prime ideal) leads to the isomorphism (4.3), in which to Fr, one associates 
the class of the idele 


mp = (1;1,---,1,p,1,---) in J/(Ry x Q”). 


The field AK,, corresponds to the open subgroup 


Um =R% x [ [+ mZ,)* x [][ ZX c J, 


p|m pfm 


so that Gi», = J/UmQ*% Lang S. (1973). This formulation of the result is very 
easy to extend to the general case of the group G?° for arbitrary global fields 
k. Note that the set of all primitive Dirichlet characters can be identified with 
the discrete group of all characters of finite order of the idele class group C; 
(k = Q) using the projection 


J/Q* = Ry x [ [ZX > Gn. 
Pp 


Such characters are all trivial on the connected component of the identity. 
Abelian extensions of Q correspond bijectively to open subgroups of J/R7.Q*, 
and any such group is the intersection of the kernels of a finite number of 
Dirichlet characters. . 


4.2. Frobenius Automorphisms of Number Fields and Artin’s Reciprocity 
Map. Let K be an algebraic number field, [K : Q] =n, ©'® the set of all finite 
places of K (normalized discrete valuations which correspond to prime ideals 
p, ~ 0 in the ring of integers Ox of K); 


fy = {2 € OK | |zlv < 1}. 


The residue field k(v) = Ox /py is finite, having Nv = p%°S” elements, where 
Py = Char k(v) is the characteristic and degu = f, is the degree of the 
extension (or inertial degree) of k(v) over F,,. The absolute value is normalized 
by the condition 


v(x) = —logn, |zly  (\z|y = Nv7?). (4.4) 


The ramification index e, of v is the number v(p,). With this notation one 
has the following decomposition pOK = |], u(p)30 Po” 

Let L/K be a finite Galois extension with Galois group G(L/K), and let 
w be a place of L, which extends a fixed place uv of K. Define the action of 
the group G(L/K) on the places w € XY’; by w+ ou, 
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om 
CES, (ox 
‘Cliew = iz lib 


If v and w are non—Archimedean, p, and $B, being the corresponding prime 
ideals, then ow corresponds to the ideal B,., = B°,. A Galois automorphism 
o € G(L/K) induces an isomorphism of the completions ¢ : L, ~ Loy as 
normed vector spaces over K,. 

The decomposition group Gy is introduced as the subgroup 


Gy = {0 € G(L/K) | ow =w} C G(L/K). (4.5) 
By definition we have that 
Gry = {o € G(L/K) | orw=Tw} =7TGyrT'. 


On the other hand, it is immediate from the explicit construction of the ex- 
tensions of places, that G(L/K) acts transitively on the set of places of L 
lying over a fixed place v of K. Hence all the corresponding subgroups G, are 
conjugate Weil A. (1974a). 

The inertia group Iy C Gy is by definition the kernel of the natural homo- 
morphism G, = G(L,/K,) — G(l(w)/k(v)) where [(w) denotes the residue 
field of the place w. The quotient group G,/Iy = G(I(w)/k(v)) is generated 
by the Frobenius automorphism: G(I(w)/k(v)) = (Fry), Fry (xz) = 2X”. The 
place w is called unramified iff [,, = {1}; in this case one has G,, = (Fry). It 
follows from the definitions that Fr,,, = 7T~'Fry7, so that the conjugacy class 
of Fr,, in G(L/K), if defined, can depend only on v. It turns out that all but 
a finite number of places are unramified; for such places we put 


FrjK(v) = (the conjugacy class of Fr, for wv). (4.6) 


If G(L/K) is commutative, then the right hand side of (4.6) consists of one 
element. 

The Artin reciprocity law tells us where the Frobenius elements F,/% are 
situated in a commutative Galois group G(L/K). Let S be a finite set of 
places of K, including all Archimedean places and those places ramified in 
the extension L/K. Denote by I* the free Abelian (multiplicative) group 
generated by the elements p, for v ¢ S. Then the association v > F/x(v) € 
G(L/K) extends to a homomorphism 


Frjx : 1° —> G(L/K), (4.7) 


which is called Artin’s reciprocity map, 


FL/K I] py | = I] PrjK vu)". (4.7a) 
vES vES 


Class field theory gives an explicit description of the kernel of the Artin 
reciprocity map (4.7) (see 2.4.5 below). The statement that (4.7) is surjective 
was established first, and it could be deduced from the general Chebotarev 
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density theorem, which is a far-reaching generalization of Dirichlet’s theorem 
on primes in arithmetical progressions (see Chebotarev N.G. (1925), Serre 
J.-P. (1970), Chevalley C. (1951)). 

Let P be a subset of the set X72 of all non—Archimedean places of K. For 
any integer x > 1 denote by a,(P) the number of places v € P such that 
Nv < az. We say that P has density a > 0 if the limit exists 


im ax(P) 
sme Az (X'%) 


= 0, (4.8) 


Not every set of places has a density. For example, if K = Q and P is the set 
of primes whose first digit is equal to 1, then P does not have a density. 

By the prime number theorem one has a,(X%) ~ x/log x, hence the con- 
dition (4.8) is equivalent to the following asymptotic expression 


L L 
== 4. 
“Tog z +0(5) c= 


4.3. The Chebotarev Density Theorem. Let L/K be a finite extension of 
a number field K, and X a subset of oe ), invariant under conjugation. 
Denote by Px the set of places v € '}- unramified in L such that the classes 
of Frobenius elements of these places ee to X: FyyK CX. Then the set 
Px has a density, which is equal to Card X/Card G(L/K). 


a, (P) 


The proof is based on analytic methods; the notion of the analytic density 
of P is introduced as the limit 


(4.10) 


Proving the existence of and calculating this limit for P = Py can be done 
with the help of the Artin L-functions (see 4.2.2); the density statement in the 
above sense (4.8) can then be deduced (Chevalley C. (1940), Lang S. (1970)). 


4.4. The Decomposition Law and the Artin Reciprocity Map. If L/K is 
an Abelian extension, then the decomposition of p, in Oz is completely de- 
termined by the order f of the element Fy;x%(v) € G(L/K): in this case 
py = By, ---.: Bw,, where s = (G(L/K) : (c)) and f = f(w;/v) = 
deg w;/degu = [l(w;) : k(v)] is the relative residue field degree. This fact 
is deduced from the transitivity of the action of the Galois group G(L/K) on 
the set of places w dividing v. In particular, the place v splits completely (i.e. 
f =1 and v is unramified) iff Fy;%(v) = 1 € G(L/K). 

Theorem 4.3 shows that a finite Galois extension G(L/K) is uniquely de- 
termined (in a fixed algebraic closure K) by the set Spl, /K Of places which 
split completely in L/K. The Artin reciprocity law gives us amongst other 
things a description of this set when L/K is Abelian. For non—Abelian ex- 
tensions there are only some special cases when Spl, /K is known. However 
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these examples provide a basis for quite general conjectures (the Langlands 
programme, see §5 of Chap. 4). These conjectures determine nowadays one of 
the main directions in modern algebraic number theory. 


4.5. The Kernel of the Reciprocity Map. In order to formulate the main 
result on the kernel of the reciprocity map (4.7) we recall that the relative 


norm Ny; /x%(w) of a non—Archimedean place w is defined as ph ye (or, in 
additive terms, as f(w/v)-v), where 


f(w/v) = deg w/ deg v = [I(w) : k(v)] = logy, Nw 


is the relative degree of residue fields. Also, consider the divisor map (see 
(3.45)) 


dive: K* + 1°, divs(a = [[ pot) e 2°, 
vES | 


where S is the set of all Archimedean places and places ramified in L/K. 

Let L/K be an Abelian extension of K, f = [], pit) an ideal in Ox, 
divisible by sufficiently high powers r(v) of the prime ideals ramified in DL. For 
each Archimedean place v € XY we fix an embedding 


ara” eC, KOK, CC, 
which induces v, and let 
SryK = {ve LK | K, SR, Ly = C for wiv}. 
Define the subgroups Pr x (f), %z/K«(f) C I? by 
PrK(f) = { divs (a) ) | aék*, a=1mod f, We Lx a) > of, (4.11) 


NK (f) = (Nix (w)) wes, (4.12) 


the latter being the subgroup generated by the relative norms of prime divisors 
of those places v (or ideals p,) which are unramified in L/K. 


Theorem (The Artin Reciprocity Law) Let L/K be an Abelian extension. 
Then 


Ker Fy jx = Prx(f) - xx (f)- (4.13) 


Corollary (Description of the Galois group) For an Abelian extension L /K 
the reciprocity map (4.7) induces an isomorphism | 


G(L/K) & 1° /(Prx(f)StzK(f)). 


4.6. The Artin Symbol. Consider the group Jx of ideles, and define a sur- 
iective homomorphism 
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(.,L/K): JK 7 G(L/K), s+ (s,L/K) (4.14) 


with the help of the reciprocity map (4.7). For an arbitrary s € Jx let us 
choose a principal idele a € K™* such that |as, — 1|, < € for v € S and 
sufficiently small ¢ > 0. Define the S-divisor (cf. (3.45)) by 


div(as) = [] ev = = div(as) € I°. 


Then the Artin symbol (s, L/ K ) = Y1/K(8) is defined by the formula 


(s, L/K) = b1/x(s)= Fr x (div(as)). (4.15) 


We stress that (4.15) is defined it terms of ideles, and in order to show that 
(4.15) is well defined it is essential that the reciprocity law in terms of ideals 
(4.13) is satisfied. Indeed, the condition on a in (4.15) is satisfied if div(a) € 
Pr /«(f) with an appropriate choice of f. Now the reciprocity law transforms 
into the statement that Ker xz, coincides with K* Nz;x% J , where Nz/KJ1 
is the subgroup of relative norms of ideles from Jz: 


Ni/K((Bw)w) = | |] Nau7K. (Bw) | - (4.16) 


wiv 
v 


Hence the Artin symbol zx in (4.15) is defined for idele classes s € Ck = 
Jk ee *. Furthermore F,/x(v) = (s(v)), where s(v) is the idele class of 
(---,1,7y,1,---) for a local uniformizer 7, € K;, i.e. an element with the 
ouidition roa = 1. The homomorphism #,/% : Ck — G(L/K) is continuous 
and its kernel is both open and closed, again in view of (4.13). 


4.7. Global Properties of the Artin Symbol. Let H be a subgroup of a finite 
group G. Then the transfer homomorphism (or Verlagerung) 


Ver : G/[G, G] — H/|H, Hi], (4.17) 


is defined by Ver(g|G,G]) = [],crh(g,7) where.r runs through a system 
of representatives R of left cosets G/H and h(g,r) € H is defined by the 
condition gr = grh(g,r) (gr € R being the representative of gr in R). 


1) There is a one-to-one correspondence between open subgroups U C Cx 
and finite Abelian extensions L/K, such that the symbol (4.15) induces 
an isomorphism 


Cr /U > G(L/K), 


and U coincides with the norm subgroup U = Nyx (CL) (see (4.16)). 
2) Let K’/K be an arbitrary finite extension. Then for a € Cx: the following 
equation holds 
(Nxv/K (a), L/K) = (a, LK'/K’). (4.18) 
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3) Let L’/K bea finite Galois extension, L/K the maximal Abelian subex- 
tension of L’/K, and K’ a subextension of L’/K over which L’ is Abelian. 
Then 

(a, L'/K’) = Ver(a, L/K), (4.19) 


where Ver is the transfer (4.17). 
4) Let L’/K be a finite Galois subextension of L/K. Then for all a € Cx 
the following equation holds 


eC 


(a, L'/K) = (a, L/K). (4.20) 


5) Let o be an isomorphism of K onto 0K, o € Aut K. Then for all a € Cx 
the equation holds 


(ca,0L/oK) =0(a,L/K)o™'. (4.21) 


The bar in the above formulae denotes the restriction to a subfield (cf. 
Chevalley C. (1940), Koch H.V. (1970), Artin E., Tate J. (1951), Weil A. 
(1974a)). 

These properties make it possible to extend the definition of the Artin 
symbol to infinite Abelian extensions L/K. Consider the correspondence 


st (s,L/K) = lim(s, L,/K), (4.22) 


where L,/K runs through all finite subextensions of L/K. It follows from 4) 
that this is well defined and one has a map from Cx to G(L/K) with dense 
image. Taking into account the one-to—one correspondence between subgroups 
of finite index of Cx and G(K*>/K), we see that G(K®>/K) is isomorphic to 
the profinite completion of Cx, which is in fact with the quotient of Cx by 
its connected component. The thus constructed reciprocity homomorphism 
satisfies the properties 2), 4) and 5). 


4.8. A Link Between the Artin Symbol and Local Symbols. Suppose that 
we already know the existence of the Artin symbol on ideles (4.15). For a finite 
Abelian extension L/K, a non—Archimedean place v of K and an extension w 
of v to L, consider the completions K, and Ly, and the decomposition group 


G, CG(L/K), Gy = G(Ly/Kov), 


which in the Abelian case does not depend on the choice of w. Consider 
the embedding 7, : K7* <— Jx, and the projection onto the v-component 
Jy : Jk — KX, where i, maps x € K; onto the element of Jz, whose 
v-component is equal to x, and whose other components are all 1. Put 


by = VL/K Oty = (+, Lu /Kv)v- (4.23) 


Then one verifies that the image of ~, belongs to the decomposition group Gy. 
The homomorphism 7, : KX — Gy, is called the local Artin homomorphism 
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(or the norm residue homomorphism). If x = (ry) € Jx, then the following 
decomposition holds 


brjx (x) = [] Yo(2»), (4.24) 


where 


1 lim (TI we) 
ves 
(the limit is taken over an increasing family of places of A’). The product (4.24) 
is actually finite: if a component 7, is a v-unit and v is unramified, then 2, is 
a norm in the extension L,,/K,: for some yy € Ly one has ty = Nz, /K, Yu. 
The existence of yy is established by Hensel’s lemma (see 2.3.2). 

Thus the knowledge of all local Artin maps yy is equivalent to the knowledge 
of the global Artin map rx. In classical work on class field theory the local 
reciprocity maps were studied using the global theory; in particular, it was 
shown that these local maps depend only on the local extensions L,, /K,, and 
are independent on a global extension L/K from which they are obtained. In 
this sense, modern expositions of class field theory (for example, in Chevalley 
C. (1940), Weil A. (1974a)) differ from classical texts: first one gives a purely 
local and independent construction of maps 


6,:K*% + Gy = G(L’/Ky), (4.25) 


where L” is a finite extension of K’,. Then one proves that the product [],, 4, 
has the properties which uniquely characterize the homomorphism wz, x. The 
most important part of the proof consists of verifying the product formula 


6,(a) =1 for allae K%. (4.26) 


In the case of a quadratic extension L = K(V/b) the image 6,(a) belongs to 
{+1} = G(L/K), and coincides with the Hilbert symbol, defined in 2.3.3. The 
product formula is equivalent to the quadratic reciprocity law of Gauss, which 
thus becomes a special case of the general reciprocity law (4.13). 

The construction of the map (4.25) for an arbitrary Abelian extension 
L’/K, is usually carried out using methods of Galois cohomology theory (see 
§5, and Serre J.-P. (1962), (1964), Chevalley C. (1940), Koch H.V. (1970)). A 
more direct construction of 6, was recently suggested by M.Hasewinkel (1978), 
Iwasawa K. (1986) based on an explicit analysis of cohomological constructions 
in low dimensions. 


4.9. Properties of the Local Symbol. The properties of the local symbol 
0, on Wy = (Dig Fy) : ky a Gy 


are completely analogous to the corresponding properties 1) to 5) from 2.4.7, 
replacing Cx = Jx/K™ by Kx, G(L/K) by G, and z/K by 6. Also, the 
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homomorphism 6, maps the group of units U, = O* of K, onto the inertia 
group I” C Gy. If L./Ky is unramified, then for all a € K* one has 


Oy (a2) = Frv() (4.27) 


where Fr, € Gy, is the Frobenius element of the extension, and the valuation 
v of K, is normalized by the condition v(K**) = Z. In the same way as for 
wz/K the local symbol can be generalized for infinite Abelian extensions, and 
thus one obtains a reciprocity map 6, : KX — G(K®>/K,), where K? is the 
maximal Abelian extension of K,. The Galois group can then be described as 
follows: 

G(K2>/K,) = (KX) =Zx ox (4.28) 
where “ denotes the profinite completion. Under the isomorphism (4.28) the 
Galois group G(K®"/K,) = G(F,/F,) of the maximal unramified extension 


Kh" of Ky becomes Z, and the inertia group [, = I” maps isomorphically 
onto the whole group of units O*: 


by: OX SI” (4.29) 


(the field AD’ can be defined as the maximal extension of K, for which the 
extension of the valuation v satisfies the property vu(K;*) = Z). 

Below we give a remarkable explicit construction of the maximal Abelian 
extension K?> of a local non—Archimedean field Ky, generalizing the contruc- 
tion of Go by adjoining roots of unity to Q,. 


4.10. An Explicit Construction of Abelian Extensions of a Local Field, and 
a Calculation of the Local Symbol. (see Lubin J., Tate J. (1965), Serre J.-P. 
(1962), Chevalley C. (1940), V.A.Kolyvagin (1979)). Consider first the field 
Q, as a model example. Any Abelian extension of this field is contained in 
a cyclotomic extension, i.e. Q2” = Q,(W.), where Woo = UnsiWn, Wn = 
{CE Q, | ¢” = 1}, Wo is the set of all roots of unity from Q,. Let W,0 = 
Um>o0Wpm be the subset of all roots of unity of p-power order, and Vo = 
Ua tn Wn the subset of roots of unity of order not divisible by p. Then 


Woo = Voo X Wom, Qp(Woo) = Qp(Voo) * (Woe ), 
and the following decomposition takes place: 
G(Q3"/Q,) = G(Qy(Voo)/Qp) X G(Qp(Wo~ )/Qp). (4.30) 


Here Q,(V..) is the maximal unramified extension (see the example from 
2.3.4), for which vp(Qp(Voo)*) = Z and 


G(Qp(Voo)/Qp) & G(F,/Ep) & Z = (Fry). (4.31) 


The field generated by Wp = Um>oWpm is the union of all the totally rami- 
fied extensions of Q,. The Galois group G(Qp(Wp»)/Qp) can be described by 
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means of its action on the set Wp of all roots of unity of p-power order. In 
order to do this we note the isomorphisms 


End Wp~ = Zp, Aut Wp = ZF, 


in which a p-adic number a@ = ap + a1p + aop* + --: € Zp in its digital form 
(3.2) corresponds to the endomorphism [a] : ¢ + ¢° for ¢ € Wyo: 


Ce def (rota ptanp’ +...+dm—1p" if ¢ a Wym C Wp. 
From the action of the Galois group on W,- one obtains a homomorphism 
by : G(Qy(Wp )/Qy) + Aut Wyo & Lie (4.32) 


which is a one-dimensional p-adic Galois representation (the cyclotomic rep- 
resentation), and (4.32) is an isomorphism. 

It turns out that the local symbol 6,(a) = (a,Q2/Q,) € G(Q3>/Q,) for 
an element a = p™u (m € Z, u € Z)) can be described using isomorphisms 
(4.31), (4.32): 


j 7 Fr on the subfield Q,(Vo0), 
p(Q) = [u-*] on the subfield Q,(Wp~). 


We now reformulate this in a manner more suitable for generalization. 
Consider the sets Ej = Um>oHpm, where 


Eno ={w=¢-1 | C € Woe }. 
These sets are groups with respect to the group law 
W1 OW2 = Wi + Wet WwW (wW1,W2 € E_~), 


and for all w € Ey one has |w|, < 1. The set E, consists of all roots of the 
polynomial 


fol X) = (X41 1 = px + (2) XP 4x, 


which becomes irreducible after division by X according to Eisenstein’s irre- 
ducibility criterion. Its roots therefore generate a field Q,(E,) of degree p — 1 


over Q,. 
Now consider the iterations of the polynomial f,(X): 
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The group Ey coincides with the set of all roots of the polynomial fpm(X), 
and this is isomorphic to p-™Z,/Z,. Under this isomorphism the obvi- 
ous inclusions Eym C Epym+i become the natural embeddings p~™Z,/Zp C 
p-™-!Z,/Z»y, and we see that E,o. = Q,/Z,. From this it follows that 
End Ego = Zp. We have Qp(Lo) = Qp(Wpx), and the isomorphism (4.32) 
takes the form | 


bp : G(Qp(Ep )/Qp) > Aut Epo & ZX. (4.33) 


Now let K, be an arbitrary finite expension of Q, with valuation ring O,, 
maximal ideal p, = (7) and q = |O,/p,|. Here a is a uniformizing element, 
ie. v(w) = 1. There is an analogous construction of the maximal Abelian 
extension of K,,. Consider the polynomial 


[i(k Sm Xx? (4.34) 


It follows as before by Ejisenstein’s criterium that f,(X)/X is irreducible. 
Define recursively the iterations 


fam (X) = fam—r(fx(X)), m2 1, 
Then the sets of roots | 
Wim = {xr € Ky | fan(x) = 0} (4.35) 
of the polynomials f,m(X) form an increasing sequence: 
Wm C We m+; 


and there is a natural group structure on (4.35) such that Wy m is isomor- 
phic to p7/O, (= O,/p”). The inclusions Wym C Wym+1 become the 
natural embeddings p>™/O, C p>™~!/O,. Thus we obtain a group, which is 
analogous to the group of all roots of unity of p-power order: 


Wyco = UJ Wy;,m is isomorphic to K,/Oy. (4.36) 
m>1 


There is a natural action of elements a € O, = End(K,/O,) on Wy m for 
which the equation |] r(x) = f,(xz) holds. This action will be denoted by 
[a] ¢ : x +> [a] sx. The action of the Galois group on the roots of the polynomials 
fam(X) provides us with a representation analogous to (4.32): 


G(K,/K,) — Aut Wro & OX%. 4.37 
f if 


Denote by K,, the field which corresponds to the kernel of the homomorphism 
(4.37). Then K, is an.Abelian extension of K, in view of the isomorphism 


by: G(K,/Ky) % OX, (4.38) 


144 Chapter 2. Arithmetic of Algebraic Numbers 


and we obtain the following explicit description of the Abelian extensions of 
Tay: 
Ke Sd ale 


where KP = K,(Vo.) is the maximal unramified extension of K, (Voo is the 
group of all roots of unity of degree not divisible by p), 


G(K""/K,) = G(F,/F,) &Z = (Fy,)’. (4.39) 


The field Ky = Um>1Ky(Wy,m) is the union of all totally ramified Abelian 
extensions of K,. 
The norm residue symbols can then be described as follows: 


1) for u€ OX the element 6,(u) = (u, Ky/Ky)y acts on Wy via [u7"] 5; 

2) the norm residue symbol of (7, K,/Ky)y is equal to 1. 

3) the symbol 6,(a) for a = n™ (m € Z, u € OF) acts on K}* as Fro” € 
G( Ky" /Ky). 


A remarkable feature of the construction of the group law on the set W¢ o 
is that the field K, is independent of the choice of uniformizer a and of the 
polynomial f(X) € O,[X], which need only satisfy the following requirements: 


f(X) = 7X (modulo degree 2 polynomials), (4.40) 
f(X) = X4(mod 7). (4.41) 


Moreover, instead of a polynomial f(X) one may use any element of the set 
F, of power series f(X) € O,[[X]] satisfying the above conditions (4.40), 
(4.41). 

The above group law is constructed in the theory of Lubin-Tate formal 
groups. 


4.11. Abelian Extensions of Number Fields and Function Fields. For the 
field of rational numbers Q the theorem of Kronecker—Weber (see 2.4.1) gives 
an explicit descripton of all Abelian extensions with the help of the action of 
the Galois group on roots of unity, which may be regarded as certain special 
values of the exponential function: ¢,, = exp(277/m). An analogous theory 
exists also over an imaginary quadratic field K = Q(V/d), whose Abelian 
extensions are constructed with the help of the action of the Galois group 
G(K/K) on the points of finite order of an elliptic curve with complex multi- 
plication (more precisely, on the coordinates of these points, see §4 of Chapter 
3). This description is essentially the content of the theory of complex multipli- 
cation. In more classical terms, Abelian extensions of an imaginary quadratic 
field are described by means of the special values of elliptic functions and the 
j-invariants corresponding to lattices with complex multiplication. The Ga- 
lois action on these values is explicitly described in terms of the arithmetic of 
the imaginary quadratic ground field (this was Kronecker’s “Jugendtraum” 
(“dream”)). The content of Hilbert’s famous twelfth problem is to give an 
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explicit description of all Abelian extensions of an arbitrary number field K, 
[kK : Q] < co using special values of certain special functions (such as the 
exponential function or elliptic functions), and by means of the Galois actions 
on these values. 

Some progress has been made in solving this problem for the so-called 
CM-fields K. These are totally imaginary quadratic extensions K = F(./—a) 
of totally real fields F: F is a number field generated by a root of a polyomial 
which splits as a product of linear factors over R, and a € F is totally posi- 
tive (positive in each real embedding of F’). This multi-dimensional complex 
multiplication theory is based on the study of Abelian varieties with complex 
multiplication by elements of K. For a real quadratic field K a description of 
certain Abelian extensions of K is given by Shimura’s theory of “real multi- 
plication”. However, in these cases the situation is less satisfactory than for 
Q or for an imaginary quadratic field K, since these constructions do not give 
all Abelian extensions of the ground field kK. A completely different situation 
takes place in the function field case, when K is a finite, separable extension 
of F,(T). Here there is a complete description of all Abelian extensions of 
K in terms of the elliptic modules of V.G.Drinfel’d (and in terms of elliptic 
functions in positive characteristic attached to these modules, Drinfel’d V.G. 
(1980)). 

The idea of describing extensions of K via the action the Galois group 
G(K/K) on certain groups and other algebraic objects has turned out to 
be very fruitful. Many examples of constructions of Abelian and non—Abelian 
extensions of a ground field K are based on this idea. A complete classification 
of all these extensions in terms of Galois representations and in terms of certain 
objects of analysis and algebraic geometry (automorphic forms and motives) is 
an important aim in Langlands far-reaching programme, see §5 of Chapter 4. 


§5. Galois Groups in Arithmetical Problems 


5.1. The problem of dividing a circle into n equal parts (Gauss C.-F. (1966), 
Gindikin S.G. (1985)) has a geometric form. However its solution, given by 
Gauss, was based essentially on arithmetical and algebraic considerations. 
The construction of the regular 17-gon was the first mathematical invention 
of Gauss, written in his diary on March 30th 1796, one month before his 19th 
birthday. Previously one could only construct triangles, pentagons, 15-gons, 
and all those n-gons which are obtained from these by doubling the number 
of sides. From the algebraic point of view, the construction of a regular n-gon 
is equivalent to constructing the roots of unity of degree n on the complex 
plane, i.e. the solutions to the equation 


X"-1=0, (5.1) 


which have the form 
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21k 27k 2nik 
ck = cos + isin “= = exp (27), p= 0,122.1. (5.1a) 


Assuming that the segment of length one is given, we can construct using 
ruler-and-compass methods all new segments whose length is obtained from 
the lengths of given segments using the operations of addition, subtraction, 
multiplication,.division and extraction of the square root. Through a sequence 
of these operations one may construct any number belonging to any field L, 
which is a union of a tower of quadratic extensions 


b= Dy D> hye. > 2d Diy = GQ, (5.2) 


where L341 = L;(Vd;), d; € L;. It is not difficult to prove that no other points 
of the complex plane can be constructed starting from the point z = 1 and 
using only ruler-and-compass methods. In order to construct z = a (if this 
is possible) one constructs the corresponding tower of type (5.2) for the field 
L, generated by all the roots of the minimal polynomial f(X) € Q[X] of a 
(the decomposition field of f(X)). By Galois theory, to a quadratic extension 
L,/Q corresponds a subgroup G; = G(L/L}) of index two in the Galois group 
Go = G(L/Q) (the group of Galois symmetries of the polynomial f(X)). The 
action of the subgroup G; partitions the set of all roots of f(X) into two parts, 
such that the sum of all elements of each part belongs to LZ; and generates 
this field, being invariant under under automorphisms in G. In the next step 
each of these two parts is divided into two further parts using the action on 
the roots by elements of Gp = G(L/L2), which is of index 2 in G, etc.. This 
process continues until we obtain the subset of roots consisting of only one 
element z = a. 

For example, for the root of unity a = €; from (5.1a) the corresponding 
irreducible polynomial f(X) is the cyclotomic polynomial &,,(X ), whose roots 
Ex ((k,n) = 1) are primitive roots of unity; the Galois symmetries have the 
form 

On: EktO EL =Ekamod n (a € (Z/nZ)*). 


For n = 5 one has Go = {01,02,03,04} and the subgroup Gy = {01,04} 
partitions the set of primitive roots into the parts {€1,¢€4} and {€2,¢3}. One 
has @5(x) = 24+2°+2%+2+41. Hence 


epteytil+ej; tej’? =0. 
By putting u = €, + ee = €; + €4 we obtain the equation 


-1+¥5 _-1- v5 
ee 
which gives the desired construction of the regular pentagon. 

In the case n = 17 Gauss’ intuition led him to the correct partition of 
the roots of $)7(xz) = 216+ 7!54+...+2+41 given by Galois symmetries 
(Galois theory had not yet been discovered!). The group of symmetries Go & 


uv+u-1=0, eyteq= 
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(Z/17Z)* is a cyclic group of order 16 with a generator 3mod 17 (a primitive 
root), and Gauss’s idea was to use a more convenient indexing system for 
the roots (see Fig. 13). Let us assign to the root ¢, the new number / (the 
notation €,1;) defined by the condition k = 3! mod 17,1 =0)1,...,15, and let 
T; denote the automorphism o;,. Then 


TiE(m} = E{m+1] (m,! mod 16). (5.3) 
The corresponding subgroups have the form 
Go = {T0,Ti,---,Tis}, Gi = {To,T2,---, Tis}, 
Go = {To,T1,---,Ti2}, G3 = {To, Ts}. 


We now show how the idea described above works in this case. First of all 
note that 

Ey tegt...+€16 = Eo) + ety +--+. + fis) = —1 (5.4) 
(the sum of a geometric progression). Denote by om,, the sum of €j) with I, 
congruent to r modulo m. We thus obtain 


02,0 = E[o] a E(2] ae + E[14] = » TiE(o}; 
Ti€G, 


02,1 = E[1) + €[g] +--+. + Epis) = ye TE 11): 
T,E€G, 


Identity (5.4) implies 
029 +021 = —l, 


and by termwise multiplication we find that 
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02,0 ° 92,1 = 4(E10] + E/1] +... - €(15)) ae eA. 


Now using Viete’s formulae, we may express 02,9 and 02, as the roots of the 
quadratic equation +? + x — 4 = 0: 


V17-1 _ -Vv17-1 


9 » O21 9 


which generate the field L; = Q(/17). We distinguish the two roots by the 
condition that 72,9 > ¢2,1; in each of these fields the roots arise together with 
their conjugates. In the first case we have to add and to multiply the real parts 
of the numbers €1, €2, €4, €g and in the second case we do the same for €3, és, 
€6, €7- In a similar way we have that 04,9 +. 04,2 = 92,0, 04,1 +04,3 = 02,1, and 
the multiplication using (5.3) shows that 04,9 + 04,2 = 02,9 +02,1 = —1. Hence 
04,9 and 04,2 are roots of the equation ge + 02,9 +1 =0 which generates the 


field Lo: 
i , 
04,0 = a (v 17-1+ 1 34- avi) ‘ 
1 / 
4a = 3 (Vit -1- 34 —2ViT) 


In the same way we see that 


1 Says 

04,1 = 7 (-vi7-14 vst +2Vi7), 
1 

042 =F (—vi7-1- s4+2vir7) 


An analogous argument shows that 


02,0 = 


030 >= Ej0] + Eg] 


= (1/2) 4/40)? — 4041) 
= (1/8) -(V17 -1+ 34 — 2v17) 


+ (1/4) \/174+ 3V17 — 1/170 + 3817, 


which completes the construction. 
Tn the general case of an n-gon with n = 2"p;'-...-pc*, where p; are odd 


primes, we have that 
G(Q(¢n)/Q) = (Z/nZ)*. 


By considering the tower (5.2) of quadratic extensions, we see that the pos- 
sibility of constructing the regular n-gon is equivalent to the condition that 
the number 


\(Z/nZ)*| = y(n) = 2°-*(py — Vp... (ps — Ups 
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is a power of 2. This holds precisely when n = 2"p; -...-p,, where the p; are 
primes such that p; = 2” +1. It follows from Lagrange’s theorem applied to 
the cyclic group (Z/p;Z)* , that m; divides p; — 1. Hence m; is also a power of 
2. The construction is therefore only possible for n = 2"p,;-...-p, where p; are 
Fermat primes p; = 27* +1, which were discussed in Part I, 1.1.2. The proof 
of the latter statement was not published by gauss: “Although the framework 
of our treatise does not alow us to proceed with this proof, we think that it 
is necessary to point out this fact, in order to prevent somebody else from 
wasting his time, by attempting to find some other cases, which are not given 
by our theory.” 


5.2. Kummer Extensions and the Power Residue Symbol. (see Chevalley 
C. (1940), Koch H.V. (1970)). Let K be a field containing a primitive root of 
unity ¢ of degree m, where m is a fixed positive integer not divisible by the 
characteristic of kK. One may show that cyclic extensions L/K of degree di- 
viding m coincide with the so-called Kummer extensions of type K(™,/a)/K 
(a € K). In applications K will be either a number field or a completion of 
one. Any extension L/K containing a root a of X™ = a, also contains all the 
other roots Ca, ..., ¢™~'a of this polynomial. Let o be an element of the 
Galois group G(K(™,/a)/K). If we fix a root a then the automorphism ¢ is 
completely determined by the image of a under the action of c: a% = Ca. In 
particular, if a is an element of order m in the multiplicative group K* /K*™ 
then X™ — a is irreducible and a” is an m*" power iff mlr. In this case the 
assignement ¢ +» bmod m provides an isomorphism of the Galois group 
G(K(™./a)/K) with the cyclic group Z/mZ. 

Now let L be an arbitrary cyclic extension of degree m of K. We shall 
construct explicitly an element a € K such that L = K(™,/a)/K. Let o be 
a generator of the cyclic group G(L/K) and let LD = K(7) for some primitive 
element y € L. Then the elements y, 7°, yor form a basis of L over K. 
Consider the sum 


m—l1 
B=) CX. (5.5) 
s=0 


Then 67 = (718, and GB # 0 since the elements y, y’, yon are linearly 
independent over kK. Thus 6” € K and 6" ¢ K forO <r<m,ie. a= B™ 
is an element of order m in the quotient group K*/K*™ and the above 
argument shows that the field K(@) is a cyclic extension of degree m contained 
in L and is therefore equal to L = K(™,/a). In a similar way we can check 
that two extensions K(™./a)/K and K(™vb)/K coincide iff a = b"c™ for 
some c € K and r € Z such that (r,m) = 1. These statements can be unified 
into one statement by saying that for a given field K D> pm and its Galois 
group Gx = G(K/K) there is the isomorphism 


K* /K*™ = Hom(Gk, Um), (5.6) 
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where Um = {C€ € K | ¢™=1} and Char K /m. In order to construct (5.6) 


for a given a € K~* choose y € K™ with the condition vy” =a, and fora € Gx 
the formula y,(o) = 7° /y defines then a homomorphism y, : Gx — Um. The 
fact that this map defines a homomorphism (5.6) is deduced from Hilbert’s 
Theorem 90 on the cohomology of the multiplicateive group: H!(Gx,K*) = 
{0} (see 2.5.3). 

Now let K be a number field, u, C K, p = py a prime divisor attached 
to a non—Archimedean place v of K. The decomposition of p in the extension 
K(™,/a)/K is reduced to study of the extension K,(™,./a)/Ky, of the local 
field K, (by the theorem on extensions of absolute values, see 2.3.6). One can 
assume that a belongs to the ring Ox of integers of K, and that p /ma. Then 
the decomposition of the mazimal ideal p C Ox is determined by the decom- 
position of the polynomial X™-—a( mod p) over the field Ox /p (by the lemma 
in 2.2.3). This decomposition is a product of pairwise coprime irreducible fac- 
tors of degree f, where f is the degree of the residue field extension: the least 
positive integer f such that the congruence aJ = z™(mod p) is solvable in 
Ox /p. Under our assumptions the ideal p is unramified in L = K(™,/a) and 
p=P.,-:...-Pw, (f-r =m). In particular, p splits completely iff f = 1, i.e. 
iff the congruence x™ = amod p is solvable. 

We now define the power residue symbol. In order to do this denote by S 
the set of places of K which either divide m or are Archimedean. For elements 
a,,...,a, € K* denote by S(a,,...,a;,) the union of S and the set of places 
v for which |a;|, 4 1 for some 7. For a € K™* and a place v ¢ S(a) define the 
power residue symbol (2) E Um by 


martin) = (2) mya, (5.7) 
Uv 
where L = K(™,/a) and Fr x%(v) € G(L/K) is the global Artin symbol, cf. 


a 


2.4.6. The number (2) € [tm does not depend on a choice of ™,/a, and one 
verifies that 


(=) as @ (=) (vu ¢ S(a,a’)). (5.8) 


According to the definition of F,;%(v) as a Frobenius element, the identity 


(5.7) is equivalent to the congruence ry (aaa = (£) (mod p,), which im- 
plies that m|(Nvu — 1) and 


(Nv—1)/m — (2% 
a = (=) (mod py), (5.9) 


(the generalized Euler criterium) since the group (O,/py)* is cyclic of order 
Nv — 1. For an arbitrary divisor b = Loesca) priv) € 15) put 


he 


v¢S(a) 


m faftiK(®) = (=) TOS G. (5.10) 


Then we have that 
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where L = K(™,/a), Fr/x(6) € G(L/K) is the global Artin symbol, and the 
following equation holds: 


G&)-()(@) wer om 


For any prime divisor v ¢ S(a) the following statements are equivalent: 
DG) 
2) the congruence x” = a(mod p,) is solvable for some z € O,; 
3) the equation 7” = a is solvable for some x € K, 


A solution in 2) can be lifted to a solution in 3) by Hensel’s lemma, see 
2.3.2. For an integral ideal b C Ox the value of (¢) depends only ona mod 6b 
as long as a € Ox. Thus the following character of order m is defined 


X63 (Ox/b)% ttm, Xela) = (4). (5.12) 


The cubic reciprocity law. Let K = Q(¢3) = Q(V—-3), m = 3. Then Ox = 
Z|¢3] is a principal ideal domain and if p = p, = (7) for a prime element 


ma, then we shall use the notation (4) instead of (2). Call a prime element 


primary if = 2 mod 3, ie. either 7 = q is a rational prime number, g = 
2(mod 3), or Nt = p = 1(mod 3), = 2mod 3. One easily verifies that 
among the generators of an ideal p, p /'3 there is exactly one primary element. 
Let py = (7) and p2 = (72), where 7 and 72 are coprime primary elements 
such that Np; # Np2 # 3. Then the following “reciprocity law” holds: 


2)-(2) ss 


The biquadratic reciprocity law. Let m = 4, K = Q(i) and Ox = Zit], the 
ring of Gaussian integers. We shall call a € Ox primary if a = 1(mod (1 + 
i)?). Then one verifies that in any prime ideal p, p /2 one can choose a unique 
primary generator. If py = (7,1) and po = (7), where 7; and 72 are coprime 
primary elements, then the following reciprocity law holds: 


(= ) 7 (=) (—1) (Nai =1)/4)-((Na=1)/4), (5.14) 


1) Wy 


5.3. Galois Cohomology. The group cohomology theory provides a standard 
method of obtaining arithmetical information from Galois groups, acting on 
various objects: algebraic numbers, idele classes, points of algebraic varieties 
and algebraic groups etc. (Kolyvagin V.A. (1988), Chevalley C. (1940), Ireland 
K., Rosen M. (1982), Weil A. (1974a), Serre J.-P. (1959), (1962)). Let G be a 
finite (or profinite) group acting on a G-module A (endowed with the discrete 
topology). The cohomology groups of G with coefficients in A are defined with 
the help of the complex of cochains. Consider the following Abelian groups: 
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C°(G, A) =A, 
and for n > 1 
C'(G,A)={f:Gx---xG—A| f is continuous} 


(the addition of functions is pointwise and the continuity of f € C"(G, A) 
means that the function f(g1,...,9n) depends only on a coset of g; modulo 
some open subgroup of G). | 

The formula 


(dn f) (91, tee ,9n+1) =91f (92, cae ;9n+1) 
+ S(-1)*F (91, ek OG bess Ona) (5.15) 
i=l 


CES Giger): 


defines a homomorphism d, : C"(G, A) + C"t1(G, A), such that dy ody4i = 
0. 

The group Z"(G, A) = Kerd, is called the group of n-cocycles, and the 
group B"(G, A) = Imd,_, is called the group of n-coboundaries. The property 
dn °dn+; = 0 implies that B"(G, A) Cc Z"(G, A). The cohomology groups are 
then defined by 


2 a = _ J Kerd,/Imd,_, for n> 1; 
H"(G, A) = B"(G, A)/Z"(G, A) = eo es lane (5.16) 
If n = 0 then 
H°(G, A) = AS = {a€ A| ga =a for all g € G}. (5.17) 


For n = 1 we call a continuous map f : G — A a scew—homomorphism iff for 
all gi, g2 € G one has 


f (9192) = f(91) + 91f (92). (5.18) 


One says that a scew~homomorphism splits, iff for a fixed a € A it can be 
written in the form f(g) = a — ga. The group H'(G, A) can be identified 
with the quotient group of the group of all scew—homomorphisms modulo 
the subgroup formed by all split scew—homomorphisms. If the action of G 
on A is trivial then H+(G, A) coincides with the group of all (continuous) 
homomorphisms from G into A. 

For n = 2 the elements of H*(G, A) correspond bijectively to equivalence 
classes of extensions of G by A: for an extension 


0-A+~G+G-1. (5.19) 


For all g € G choose a lift g in G (i.e. choose a section g + g of the projection 
G — G). Define f: Gx G— A, f(g1, 92) € A by 
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91° G2 = f(91, 92)9192- 


Then the function f is a 2—-cocycle of G with values in A. If we change our 
choice of representatives g (i.e. the choice of section G — G), then f is altered 
by a coboundary. Hence the class of f depends only on the extension (5.19). 
The group H?(G,C%) is called also the Schur multiplier of G. Let L/K be 
a Galois extension with Galois group G = G(L/K). Then L* is a G-module 
and H?(G, L*) can be interpreted as the Brauer group, see 2.5.5. 

For the action of the Galois group G = G(L/K) on L* one has the following 
fundamental theorem. 


Hilbert’s Theorem 90. 
H'(G(L/K), L*) = {1}. 


The idea of the proof of this theorem is the same as in the description of 
all cyclic extensions of K in 2.5.2. Let f : G — L* be an arbitrary scew— 
homomorphism, f € Z!(G(L/K), L*). In multiplicative notation this means 
that for all g, h € G we have f(h)9 = f(gh)/f(g) € L*. We shall find a 
number 6 € L* such that for all g € G one has f(g) = 6/b9. In order to do 
this choose a primitive element in the extension L/K, so that the elements 
79 (g € G) form a basis of L over K. Then the element 


b= S_ f(h)y*eL (5.20) 


héG 


is not equal to zero. We apply to both sides of (5.20) an element g € G. Then 


bo = D7 F(A)" 
KEG 


= > Fn 


heG 


= f(g) > f(gh)y™ 


heEG 


= f(g)~*b 


(by the formula of the (left) action of G on L™: (y")9 = 79" for g,h € G). 
This method of taking the average is also known as the construction of the 
Lagrange resolution in the theory of solvable extensions of fields. 


Properties of cohomology groups. 
1) For an arbitrary exact sequence of G-modules 


O0O—A—- B— C — 0 


the following long exact sequence of cohomology groups is defined: 
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0 — H°(G, A) — H°(G, B) — H°(G,C)4%H(G, A) 
— H1(G,B) — H\(G, idling A) —>---H™(G,A)—> (5.21) 
— H"(G,B) — HG, C=. —4H"+1(G, A) — 


Example Kummer theory. Let K be a field containing the group Lm, of all 
roots of unity of degree m in K. Assume further that Char K does not divide 
m. For an arbitrary Galois extension L/K with Galois group G = G(L/K) 
the map x +> x™ defines a homomorphism of G-modules: v : L* —+ L”, and 
one has the following exact sequence 


te ee — 1. 


Passing to cohomology groups (5.21) we obtain the following long exact se- 
quence 


H°(G, ttm) —> H°(G, L*)—>H°(G, L*) — 


1 1 x\ 4 zrl x (5.22) 
H*(G, Um) — H'(G, L*)—H'(G, L*) — 


Since the group G acts trivially on pm, it follows that H+(G, um) coincides 
with the group Hom(G, um). The group H°(G,L*) is the subgroup of all 
fixed points of the Galois action, i.e. H°(G,L*) = L*@4/*®) = K™%., Also, 
H°(G, tm) = bm, and H'(G,L*) = {1} by the Hilbert’s theorem 90. We 
thus have the following exact sequence 


1 — Um — KX —>K* — Hom(G, tm) — 1, 
which is equivalent to the isomorphism of Kummer: 


Kk*/K*™ & Hom(G, Um). 


2) Let H be an open normal subgroup in G and A a G-module. Then one 
has the following “inflation - restriction” exact sequence: 


0 — H'(G/H, A#)45H1(G, A)=SH1(H, A), (5.23) 


in which Inf denotes the inflation homomorphism, which is defined by 

“inflating” a cocycle f on G/H with values in A” C A to a cocycle f on 
G; and Res is the restriction homomorphism given by restricting cocycles 
on G to the subgroup H. 

3) U-products. Let A, B, C be three G-nodules, for which some G-invariant 
Srnec ae. for all g € G,a € A, b € B we have 
that g(aob) = gaogb). For example, if A = B = C is a ring on which the 
group G acts trivially, then the multiplication in A is such a pairing. Any 
pairing A x B — C induces for every n > 0 and m > 0 a bilinear map 


H"(G, A) x H™(G,B) > H"*™(G, 0), (5.24) 
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which is called U-product. This is defined on cocycles by the following 
rule. If f € C"(G, A), f’ € C™(G, B) then the cochain 


(Fo f)(915°° +s Gn4m) = F(915+++ Gn) (91 +++ Gn) F (Gn+15°* + 9n+m)) 
(5.25) 
turns out to be a cocycle, as can be seen from the following equation: 


In+m(f of!) = dnfo fi + (-1)"fodmf'. 
The U-product (5.24) is well defined by the formula 
fUufi=fofieH™*™(G,C). 
One has the equation 
aU AmB = (-1)"Anim(a U £), (5.26) 


where A,,, is the “connecting homomorphism” of the long exact sequence 
(5.21). If A = B = C is a commutative ring on which G acts trivially, 
then for all a € H"(G, A), 6 € H™(G, A) one has 


aU 6 = (-1)""BUa. (5.27) 


5.4. A-Cohomological Definition of the Local Symbol. Let K be a finite 
extension of the field Q, of p-adic numbers. The local Artin symbol is a 
homomorphism 


6: K* + GY =limG(L/K) (5.28) 


from the multiplicative group of K to the Galois group of the maximal Abelian 
extension (the union of all finite Abelian extensions L/K) of K. This homo- 
morphism was described in §4 using powerful global methods — the Artin 
reciprocity law. However, the local symbol can be defined purely locally. With 
this approach the global reciprocity law can then be deduced from the prop- 
erties of the local symbols by proving the product formula (3.27). 

We shall define for a given a € K* the image 6(a) = 01,/K(a) € G(L/K) 
(in a finite extension L/K) using the characters x € Hom(G(L/K), Q/Z). 
Note that the element 0(a) of the finite Abelian group G(L/K) is completely 
determined by the values y(@(qa)) for all characters x of G(L/K). For the 
trivial G(L/K)-module Q/Z we have: 


Hom(G(L/K), Q/Z) = H'(G(L/K),Q/Z), 
and there is an exact sequence 
0-Z2-Q-Q/Z- 90, 
which gives rise to the isomorphism 


A, : H'(G(L/K),Q/Z) > H?(G(L/K),Z). (5.29) 
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The latter is found by considering the long exact sequence (5.21), and using 
the fact that all the higher cohomology groups of the divisible group Q are 
trivial: H*(G(L/K), Q) = {0} for i > 1. 

As we have seen in 2.5.3, H'(G(L/K), L*) = {0}. Moreover, the following 
fundamental facts on the cohomology groups of the multiplicative group are 
known: 


a) H°(G(L/K),L*) = {0}. 
b) There exists an embedding 
invx : H*(G(L/K),L*) - Q/Z. (5.30) 


The image of an element @ ¢€ H?(G(L/K),L*) under this embed- 
ding is called the invariant of @. For a finite extension L/K the group 
H?(G(L/K), L*) is cyclic of order [L : K]. 


Now consider the pairing 

IX xZ—5L* ((4,m)H2™). 

This induces a U-product in the cohomology groups 

H°(G(L/K), L*) x H?(G(L/K),Z) — H?(G(L/K), L*). 
Recall that H°(G(L/K), LX) = K*. For Aiy € H*(G(L/K),Z), we have 
aU Aix € H?(G(L/K), L*) 

for a € K*. Define for each character y, 

x(9n/K(@)) = invz(aU Ay). (5.31) 


This determines 6,/%(q@) as a well defined element of G(L/K). Passing to the 
projective limit in (5.28), we obtain an element 


(a) = lim 6,/x(@) € G2. 


To do this we need the following compatibility property. Consider a tower of 
(Abelian) Galois extensions K C L’ c Land let G= G(L/K), H = G(L/L’). 
Let xy’ be a character of G. Then ifa € K™ induces an element sq = 0,/%(@) € 
G and the element s', € G/H under the projection G + G/H, then we have 
that x(Sa) = x’(s/,). This follows from the definition y(s.) = invzK(aU A1x) 
together with the fact that the inflation map takes.y’ (respectively, 41x’) to 
the character x (respectively, to 41x), using the commutative diagram 


Inf 
H?(G/H, L'*) — H?(G/H,L*) 


(5.32) 
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The map invx will be defined in the next subsection via the Brauer group. 
The above compatibility property will also be discussed there. This compat- 
ibility property is very important, since it makes it possible to define the 
symbol (5.28). 

If the field K contains a primitive root of unity Gy, of degree m, then the 
power residue symbol (a, 3) of degree m can be defined for a, 8 € K* by the 
condition 


where L = K(™,/aq) is a cyclic extension and 0,/x«(() is the local symbol 
(5.31). The values of (a, G) are roots of unity of degree m, and they satisfy 
the following conditions: 


1) (aa’, 8) = (a, 8)(a’, B); 

) (a, 8B") = (a, B)(a, B’); 

3) (a, B)(B,a) = 1; 

4) if (a,@) =1 for all GE K* thenae K*"™; 

5) (a,@) =1 iff G is a norm of an element in the extension K(™./a)/K. 


The power residue symbol symbol can be interpreted as a U-product in 
certain one-dimensional cohomology groups. An explicit calculation of this 
symbol is given in Kolyvagin V.A. (1979), Shafarevich I.R. (1950). 


5.5. The Brauer Group, the Reciprocity Law and the Minkowski—Hasse 
Principle. Recall first some basic facts about the Brauer group of an arbitrary 
field K (see Yu.I.Manin (1972b), J.-P.Serre (1986), N.T.Chebotarev (1949)). 

A finite dimensional algebra A over K is called a simple central algebra 
over K, if there exist n > 1 such that A4@K & M,(K), where M, denotes the 
n x n-matrix algebra and K is an algebraic closure of K. The tensor product 
induces a commutative semigroup structure on the set of simple central K- 
algebras (modulo isomorhism). The following equivalence relation turns this 
set into a group: we say that an algebra A is equivalent to an algebra B, if 
there exist m,n > 1 such that A @M,,(K) is isomorphic to B ® M,(K). 
All matrix algebras are equivalent to each other, and they form the identity 
class of algebras. The class of the algebra A°, inverse to A (i.e. consisting of 
the same elements and having the same addition but the opposite order of 
multiplication), is the the inverse of A in the group structure induced by the 
tensor product. To see this, consider the canonical map A ® A° — Endx(A) 
(endomorphisms of the linear space A), which assignes to an element x @ y € 
A ® A®° the multiplication by xz on the left, followed by the multiplication 
by y on the right. The kernel of this map is trivial, since A @ A° is simple, 
and the dimension of A @ -A° coincides with the dimension of Endx(A), i.e. 
with (dim A)?. Hence the map is an isomorphism, so A ® A° is isomorphic to 
End x (A) = Mgim A(X). 

The group of classes of central simple algebras over K is called the Brauer 
group of K and is denoted by Br K. We shall now describe the Brauer group 
in cohomological terms. 
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Let L/K be an extension of K. It is called a splitting field of a K-algebra 
A iff A@x L = M,(L). Equivalent algebras have the same splitting fields. 
Let Br(K, ZL) be the subset of the Brauer group, consisting of those classes 
of K-algebras which split over L. This is a subgroup. Now asume that L/K 
is a Galois extension with Galois group G = G(L/K). One has the following 
fundamental isomorphism: 


Br(K, L) & H?(G,L”). (5.34) 


This isomorphism can be constructed in various ways; we point out one of 
these, the so-called construction of “scew—products”. This method consists of 
explicitly constructing a central simple algebra over K from a given “factor 
set”, ie. from a cocycle {a,,,} € Z?(G,L*). The algebra is construced as 


follows: 
A= < Leg, 
gEéG 


with multiplication given by 
€g€h = Ag,h€gn for all 9, hEG, 
€ga = g(a)e, for all g EG. 


Its dimension over K is obviously equal to [L : K]?. We omit to verify the 
various necessary properties of the construction; note only that the associa- 
tivity of A is equivalent to the fact that the cochain of structural constants is 
actually a cocycle. | 
The condition that A splits over Z has important arithmetical implications. 
Put N = n? and choose a basis {a),...,an} of A over K. If we use the 
isomorphism 
| F:A@xK >M,(K), (5.35) 


then all of the elements a = ae x,a; € A (x; € K) become matrices F(a) € 


M,,(K). Then it is not difficult to check that the maps 
(a) = Tr(F(a@)), v(a) = det (F(a) 


are polynomial functions of 71,...,2~ with coefficients in the ground field kK. 
These maps are called respectively the reduced trace and the reduced norm of 
the element a € A Weil A. (1974a): | 


T(a) =la(x1,22,...,2n) a linear form, 


v(a) = G4(r1,L2,...,£N) & homogeneous polynomial of degree n. 


Since F(ab) = F(a)F(b) by the isomorphism (5.35), v(ab) = v(a)v(b). How- 
ever, in a division algebra each non-zero element is invertible. Thus the form 
®, has no non-trivial zero over K. On the other hand if A @x L = M,,(L), 
then ©, does have a non-trivial zero over L; under this isomorphism the 
solutions to the equation 
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Pa(x1, fae ,tN) = 0 (x; Ee L) | (5.36) 


correspond exactly to degenerate matrices. 
We now describe the local invariant (Chevalley C. (1940), Serre J.-P. 
(1962)) 


invx : Br K — Q/Z (5.37) 


in the case when K is a finite extension of Q,. Let A be a central division 
algebra (a scew-field) over the field K, [A : K] = n?. The valuation v = vx 
of K has a unique extension to a valuation v, of A, coinciding with vx on 
the center of A. For example, one can first extend v over local fields K (a) for 
a € A and then use the compatibility of these continued absolute values (in 
view of the uniqueness property of continuations of absolute values to finite 
extensions of a local field). Considering the reduction of the algebra A modulo 
the valuation v, one checks that A contains a maximal commutative subfield 
L unramified over the center AK, and an element 6 € Br K corresponding to 
A splits over L, i.e. 6 € H*(G(L/K), L*). A maximal unramified extension L 
may not be unique in A, but all these extensions are conjugate in view of the 
theorem of Skolem—Noether. 'This theorem, states that each automorphism of 
L in A over K is induced by an inner automorphism of A. Consequently, there 
exists an element y € A such that yLy~! = L and the inner automorphism 
zt» yaxy7', restricted to the subfield L, coincides with the Frobenius auto- 
morphism Fr;,/%. Moreover, the element ‘y is uniquely defined upto a factor 
from L*. Let v4: A*% — +Z be an extension of vx onto A. Then one can de- 
fine invx6 as the image of v4(7) in the group (4+Z)/Z Cc Q/Z. This definition 
may be restated, taking into account the fact that the map tx + y"ry~” is 
equal to Fri; and is thus the identity (since n = [L : K}). It therefore follows 
that the element y” commutes with all elements of D and y" =c e€ L”*. This 
gives us 


va(7) = <va(7") = vale) = =01 0) (5.38) 


Thus we have that 
invxé =i/n (c= 7), 


where u € OF", rz is a uniformizing element in L, i.e. vz(7z) = 1, uz(u) = 0. 

Passing to the global case, we consider a Galois extension of number fields 
L/K with Galois group G = G(L/K). Let GY C G denote the decomposition 
group of an extension w of a place v to L. If the extension L/K is Abelian then 
we know that the group G” is uniquely defined by v (cf. §4). The inclusion 
L — Ly induces a homomorphism | 


yy : H?(G, LX) —> H?(G, LX). (5.39) 


One verifies that for an element a € H?(G,L) the images yya vanish for 
almost all v (all but a finite number): if a cocycle {a,,} € Z7(G,L*) rep- 
resenting a satisfies the condition ag, € O% and the extension L,,/Ky is 
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unramified, then H*(G’, OX) = 0 for i > 1. This fact is deduced from the 
exact sequence of cohomology groups obtained from the short exact sequence 


1— O* — LX —Z— 0. 


This is actually a version of Hensel’s lemma, 2.3.2. 
Thus there exists a well defined map 


H?(G, L*) — @) A7(G", LX) (5.40) 


where w is a fixed continuation of a place v and the summaton runs through 
all places v of K. In this situation the local invariants 


invx, : H*(G’, LX) —- Q/Z 


induce a map 
CD H7(G", LS) — Q/Z, (5.41) 
UV 
which is defined to be the sum of all the local invariants. 
The Minkowski—Hasse Local-Global Principle states that that the sequence 


0 — H*(G, L*) — G) HG", LS) — Q/Z, (5.42) 


obtained from (5.40) and (5.41), is exact. 

This exact sequence (5.42) plays a key role in many arithmetical questions. 
For example, the statement that (5.40) is an embedding is equivalent to saying 
that for the reduced norm 


v(a) = @a(@1,2,...,2N) (5.43) 


the Minkowski—Hasse principle holds, i.e. the form v(a) = B,4(x4,22,...,£n2) 
has a non-trivial zero over L iff it has a non-trivial zero over each completion 
of L (at least in the non-degenerate case). 

The exactness in the middle term @,H?(G”, L*) describes completely the 
classes of division algebras A which split over L. They correspond bijectively 
to tuples of numbers i(v), 0 < i(v) < n, the sum of which is divisible by n; for 
some algebra A with the class 6 € H*(G, L*) one has invx,yy(6) = i(v)/n € 
17/7, 

Finally, the statement that for 6 ¢ H*(G, L*) one always has 


>_ invr, (u(5)) = 0 € Q/Z, 


is essentially equivalent to the product formula for local symbols (5.37), and 
to the global reciprocity law. 
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Indeed, if a = (ay), € Jx is an idele, then the global Artin symbol 6(a) € 
G#? is defined as the limit 0(a) = lims[],,¢5 4y,(@y) where the product is 
finite, and the local symbols are defined by the conditon 


x(6,(ay)) = invx, (aU Ary) (5.44) 


(see (5.31)) for all characters x € H!(G3? ,Q/Z). 
Ifa € KX, ie. ay = a € K™ for all v, then for all characters x € 
H1(G2?, Q/Z) one has 


x (TI (00) = Sv invx, (a U Aix) = 0, 


since the element 


aU Ayy € H?(G??,Q/Z) 


belongs to the global Brauer group. 
In the case when the extension L/K is cyclic, one can construct using 
purely cohomological methods a canonical isomorphism 


H?(G(L/K), L*) & K*/NzrxL™ (5.45) 
and the exact sequence (5.42) implies the following: 


Hasse’s Theorem on Norms. Ifa¢ K* and L/K a cyclic extension, then 
a@ENz/KL of and only ifa € Nz, /x,Lw for all places v of K. 


In particular, let G be the group of order 2, so that L = K (vb). Then 
Nix (z+yvb) = x?—by?. Hence a can be represented by the form x? —by? over 
K iff it can be represented by it everywhere locally, i.e. over every completion 
of K. This implies that a quadratic form Q(z, y, z) in three variables over K 
has a non-trivial zero over K iff it has a non-trivial zero over every completion 
of kK. Passing to arbitrary n we obtain the Minkowski-Hasse theorem, which 
states that a quadratic form has a non-trivial zero over K iff it has a non— 
trivial zero everywhere locally, cf. Chevalley C. (1940), Cassels J.W.S. (1978). 
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Chapter 3 
Arithmetic of Algebraic Varieties 


§1. Arithmetic Varieties and Basic Notions of Algebraic 
Geometry 


1.1. Equations and Rings (Shafarevich I.R. (1988), (1987), Bourbaki N. 
(1962)). The machinery of algebraic geometry uses commutative rings instead 
of equations. Replacing a system of equations by a ring is similar to replacing 
an algebraic number given as a root of a polynomial by the corresponding 
field (or ring) extension. Consider a system of equations 


X:F,(T;)=0 G@el,jeJ). 


Here I and J are index sets; the 7; are independent variables; F; are polyno- 
mials from the ring K|T;| and K is a commutative ring. We shall say that X is 
defined over K. Now the question arises, which objects should be called solu- 
tions of the system X? There is an obvious definition: it is a family (¢;),7 € J, 
of elements of K such that F;(¢;) = 0 for all 2 € J. However, this definition is 
too restrictive. We could also be interested in solutions not belonging to K, 
for example the complex roots of a polynomial with rational coefficients. In 
general, consider a K-algebra L. 


Definition 1.2. An L-valued solution of X is a family (t;),7 € J of elements 
of L such that F;(t;) = 0 for all 2 € I. The set of all such solutions is denoted 
X(L). 


Since every ring is a Z-algebra, if X is defined over Z then we can consider 
its solutions with values in any ring. Let f : L; — D2 be a K-algebra ho- 
momorphism, ie. a homomorphism of rings and of K-modules. Then for any 
[,-valued solution (t;) of X, (f(t;)) is an Lo-valued solution. Hence f induces 
a map X(L,) — X(L2). 


1.3. Example: The Language of Congruences. Let n be an integer of the 
form 4m + 3. Here is the classical proof that n is not a sum of two integral 
squares: if it were then there would be a solution to the congruence T? +7? = 
3 mod 4, whereas a short case-by-case check shows that this is unsolvable. 
From our new viewpoint this argument can be rephrased as follows. Let X 
denote the equation T? + T? — n = 0 (K = Z). We want to prove that 
X(Z) = @. Consider Z/4Z as Z-algebra via the reduction homomorphism 
Z — Z/4Z. There is then an induced map X(Z) — X(Z/4Z). If X(Z) were 
non-empty, X(Z/4Z) would also be non-empty, which is false. In general, for 
any system X over Z, if X(L) is empty for some algebra L, then X(Z) is 
empty. In practice one usually tests for solutions in the finite rings Z/mZ and 
the real numbers R. A more satisfactory theoretical formulation uses p-adic 
fields and the ring of adéles (see Chapter 2, §3). 
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Definition 1.4. Two systems of equations X and Y with one and the same 
family of indeterminates over a ring K are called equivalent if X(L) = Y(L) 
for each K-algebra L. Among all systems equivalent to a given one X, there 
is a largest one. Its left hand sides form the ideal P generated in K[T;] by 
the F;,(Z;). In order to see that this is equivalent to X, it suffices to take 
L = K(T;\/P. 


1.5. Solutions as K-algebra Homomorphisms. We summarize the results of 
our discussion. Starting with the system X as above, we construct the algebra 
A = K[T;|/P. Then for any K-algebra L we have a natural identification 


X(L) = Homx(A, L). 


The system X is called solvable, if X (ZL) is non-empty for some non-trivial 
(that is, with 0 # 1) K-algebra L. One sees that X is solvable iff 1 is not 
contained in P. 

We have established the equivalence of two languages: systems of equations 
up to equivalence and algebras with a marked family of generators. Forgetting 
about the generators, we identify further those systems of equations that 
are related by invertible changes of variables. Each element of A can play 
the role of an indeterminate in a suitable system. The value taken by this 
indeterminate at a given solution is equal to its image with respect to the 
homomorphism A — L corresponding to this solution. 

In classical algebraic geometry, an (affine) algebraic variety over an alge- 
braically closed field K = K is defined to be the set Z C K” of common 
zeroes of a system of polynomials 


Fo Qiseasst CK Tiscanc | 


The ring of regular algebraic functions on Z is by definition, 


A=K[Z]=K[N,...,Tn]/Pz, 


where Pz is the ideal consisting of all polynomials vanishing on Z. Obviously, 
A is a finitely generated K-algebra without nilpotents. Conversely any such 
algebra is of the type K[Z]. 

The abstract notion of a scheme allows us to consider an arbitrary com- 
mutative ring A as a set of functions on a space Spec(A). 


Definition 1.6. The set of all prime ideals of a ring A (distinct from A) is 
called the spectrum of A and is denoted Spec(A). An element x € Spec(A) is 
called a point of the spectrum; the corresponding ideal is denoted pz C A. 

Recall that an ideal p C A is prime iff the quotient ring A/p has no zero 
divisors. We shall denote the field of fractions of A/p, by R(zx). 


1.7. Regular Functions. Each element f of A defines a function on Spec(A) 
whose value at a point x is the residue class f(x) = f mod p, considered as 
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an element of R(x). Two distinct elements of A may take the same values 
at all points of the spectrum. This happens iff their difference belongs to the 
intersection of all prime ideals of A, i.e. to the ideal of all nilpotent elements 
of A (Bourbaki N. (1962), Samuel P., Zariski O. (1975)). For this reason, the 
rings of functions of classical algebraic geometry usually contained no nilpo- 
tents. However, this restriction is unnatural even in many classical situations, 
since nilpotents arise geometrically when an algebraic variety depending on a 
parameter degenerates in a certain way (e.g. a polynomial acquires multiple 
roots). For this reason nilpotents are allowed in modern algebraic geometry, 
and all elements of A are thought of as pairwise distinct regular functions on 
the spectrum. 

We now define a canonical topology on Spec(A). A minimal consistency 
requirement of this topology with a given set of functions is that the vanishing 
sets of all functions are closed. 


1.8. A Topology on Spec(A). For any subset E Cc A, denote by V(E) Cc 
Spec(A) the set of all points z € Spec(A) for which f(x) = 0 for all f € E. 
The family {V(£)} consists of all closed sets of a topology on Spec(A) called 
the Zariski, or spectral topology. | 

Each ring homomorphism y : A — B induces a continuous map 


*~ : Spec(B) — Spec(A). 
By definition for y € Spec(B), we have 


Pey(y) = Ca) "(py): 


Each set V(F) is itself a prime spectrum: V(E) can be identified with 
Spec(A/Pg) where Pz is the ideal generated by E. This identification is in- 
duced by the canonical homomorphism 


A— A/Pr. 


There is also an important basis of open subsets of Spec(A) consisting of 
the sets D(f) = Spec(A[1/f]) for f € A. In fact for each EF C A we have 
Spec(A)\V(E) = UyenD(f). 

The spectra Spec(A) have very non-classical topologies. As a rule, these 
spaces are not separable. The closure of any point x € Spec(A), can be de- 
scribed as follows: 


l= U vie)=V( U 8) =Viee) = {y € Spec(A) , py > pol. 
ECDz ECP 


In particular this space is isomorphic to Spec(A/p,), so only the points cor- 
responding to the maximal ideals are closed. If y € {zx}, one sometimes says 
that y is a specialization of x; this is equivalent to pz C py. If A has no 
zero divisors then the ideal (0) € Spec(A) corresponds to the generic point of 


Spec(A), whose closure coincides with the whole spectrum. One can imagine 
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that the points of Spec(A) have different depths which can be, loosely speak- 
ing, measured by the number of specializations of the generic point necessary 
to reach a given point. This idea leads to one of the definitions of dimension in 
algebraic geometry. A sequence Xo, 2%1,...,2n of points of a topological space 
X is called a chain of length n beginning at xo and ending at 7, if 7; 4 2441 
and x;4 1 is a specialization of x; for all 1. The dimension dim(X ) is defined 
to be the maximal length of such chains. 

For example in X = Spec K[Ti,...,T,] (where K is a field) there is 
a chain (0) Cc (%) c ... C (Th,...,Tn), so dim(X) > n. Similarly, 
dim Spec Z[T,,..., Zp] > +1 because there is a chain 


(0) Cc (p) S (p, T1) Cc (p, T1, T2) Cw C (p, T1, To, ses sn) 


Actually, in both cases the strict equality holds. 

Passing to the closures instead of the points themselves, one can say that 
this is a variant of the old “definition” of dimension due to Euclid: points are 
boundaries of curves, curves are boundaries of surfaces, surfaces are bound- 
aries of solids. 

Arithmetical intuition is greatly enhanced when one considers rings of 
arithmetical type (that is, quotient rings Z[T;,...,7;,]/P) and their spéctra 
as analogues of algebraic varieties over fields. 

This is in the spirit of the general analogy between numbers and functions. 
For example, integral extensions of rings correspond to coverings of complex 
varieties, in particular Riemann surfaces. More precisely, lett py: RC S be 
an integral extension, so that S is a finitely generated R-module. Then the 
corresponding contravariant map “y : Spec(S) — Spec(R) is surjective, and 
its restriction to the subset Spm(.S) of maximal ideals (closed points) is also 
surjective (cf. Shafarevich I.R. (1988)). | 

For z € Spec(R), the fiber (*)~1(x) can be described as Spec(S/y(pz)S). 
The structure of the fibers over closed points is described by a decomposition 
theorem. In particular “y is called unramified at x € Spm(R) if S/y(pz)S has 
no nilpotents, and is therefore a direct sum of fields. 


Example. Figure 14 depicts Spec(Zli}) as a covering of Spec(Z) (Shafare- 
vich I.R. (1988)). The generic point w’ of Spec(Z[i]) projects onto the generic 
point w of Spec(Z). The other points are closed. A closed point of Spec(Z) 
is essentially a prime p. The fiber (*y~)~!((p)) consists of the prime ideals of 
Z|t| dividing p. They are principal. There are two of them if p = 1(mod 4); 
otherwise there is one. Only 2 is ramified (of multiplicity two). 


Notice that Spec(Z) and Spec(Z[2]) are one-dimensional (as are algebraic 
curves). More precisely, Spec(Z) should be thought of as being an analogue 
of the affine line, that is, the projective line minus one point. (We shall later 
explain how one “compactifies” Spec(Z) by adding the arithmetical infinity). 
This analogy can be illustrated by two deep theorems of algebraic number 
theory. The first is Minkowski’s theorem that Q has no proper unramified 
extensions. The second theorem is Hermite’s theorem that Q (or any finite 
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— (2ti) (3-21) 
Spec Z[i] | | —e 
opec Z i et he —e (J 
(2) (3) (5) (7) (1) (43) 
Fig. 14 


extension of Q) has only a finite number of extensions with given ramification 
points and bounded degree. 

These arithmetical facts have their geometric counterparts in the theory 
of Riemann surfaces: the Riemannian sphere has no non-trivial unramified 
coverings, and the number of coverings (up to isomorphism) of a given compact 
Riemann surface X, which are unramified outside of a given finite set of points 
and have a fixed degree, is finite. To prove these statements, one can use the 
following formula due to Hurwitz. Let f : Y — X be a covering of Riemann 
surfaces; gx,gy their genera and ep the ramification index of f at a point 
PeéY. Then 


2gy — 2 = deg(f)(2g9x —2)+ S— (ep — 1). (1.1) 
epE€Y 


Alongside this one uses an explicit description of the fundamental group 
™(X\S) of a Riemann surface with a finite set of points S removed. This 
group has only finitely many subgroups of a given index. 

A more sophisticated version of this analogy (dealing with algebraic curves 
over number fields instead of finite extensions) was developed by I. R. Sha- 
farevich in his Stockholm ICM talk (Shafarevich I.R. (1962)). The finiteness 
conjectures stated in this talk prompted a wealth of research which eventually 
lead to the proof of all these conjectures as well as the Mordell conjecture on 
the finiteness of the number of rational points on any curve of genus g > 1 
over a number field (G.Faltings (1983), see also §5). 


1.9. Schemes. The notion of a scheme is basic to algebraic geometry. An 
affine scheme is essentially a pair (Spec(A), A), where A is a commutative 
ring. More precisely, it is a topological space Spec(A) = X, endowed with a 
sheaf of local rings Ox whose ring of sections over an open set D(f) is A[f—']. 
A general scheme X is a topological space X with a structure sheaf Ox such 
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that (X,Ox) is locally (in a neighbourhood of each point) isomorphic to an 
affine scheme (see Hartshorne R. (1977), Shafarevich I.R. (1988)). 

Schemes form a category. Morphisms of affine schemes are defined to corre- 
spond bijectively to the homomorphisms of the commutative rings. Morphisms 
of schemes are given by such homomorphisms locally. 

For a commutative ring K, one can define a K-scheme as a morphism X — 
Spec(/). In the category of K-schemes, morphisms should be compatible with 
the structural morphisms to Spec(K’). Every affine scheme defining X has 
locally a canonical structure as the spectrum of a K-algebra. 

A scheme is called irreducible if its topological space is irreducible, i.e. if it 
is not a non-trivial union of two closed subspaces. 

We shall say that X is a scheme of geometric type if it can be covered by a 
finite number of spectra of rings of finite type over a field K. Similarly we say 
that X is a scheme of arithmetic type if it can be covered by a finite number 
of spectra of rings of finite type over Z. 

These two classes have a non-empty intersection consisting of geometric 
schemes over finite fields F,. They were and are a standard testing ground 
for various conjectures in which geometric and arithmetical intuitions are 
combined. We shall repeatedly turn to this class of schemes. In particular, 
if X — Spec(Ox) is a scheme of arithmetic type over the ring of integers 
Ox of a number field K, we can define for every prime ideal p C Ox the 
reduction X mod p. This is a scheme over the finite field Ox /p. Considerable 
arithmetical information concerning X is encoded in the set all reductions 
X mod p. 

For a scheme X of one of these types, dim X is defined to be the maximal 
length of a chain 

2pC2Z41C...CLn, J Fe Li+1; 


consisting of irreducible subspaces of X. If X is itself irreducible, with generic 
point x having residue field R(x), then dim X coincides with the so-called 
Kronecker dimension of R(x), that is, the transcendence degree of R(x) over 
its prime subfield, enlarged by one if Char R(x) = 0. In particular, 


dim Ay; = dim Spec Z[x,,...,2,) =n4+1. 


Example The projective space Pi over a ring K. Consider the poly- 
nomial ring S = K[To,...,In] graded by total degree S = @g>05a. Put 
Si = @asoSa. This is a graded ideal. Define Proj(.S) to be the set of all 
homogeneous prime ideals of S which do not contain S,. It is a topological 
space, whose closed subspaces are the sets 


V(a) = {p € Proj(S) | pD a} 


where a is a homogeneous ideal of S. In order to turn Proj(S) into a scheme, 
put 


We can identify Spec(A;) with an open subset of Proj(S) in such a way that 
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Spec(A;) M Spec(A;) = Spec(A;;). 


The structure sheaves can also be glued together in a coherent way. As a 
result, Proj(A) becomes a K-scheme P% which is called the projective space 
over Kk. 


1.10. Ring-Valued Points of Schemes. Let X — Spec(/) be a K-scheme 
and L a K-algebra. We define an L-point of X (over K) to be a morphism 
Spec(L) — X over K. Denote the set Mor, (Spec(Z), X) of L-points by X (ZL). 
If L is a field, we call these points geometric. 


Examples. 
a) Let X = AZ, K =Z, L =Fy. Then an L-point 
Z|T,,...,In] > Fg 
is essentially an n-tuple 
Cinieiatn) SE, 


Hence Card X(FF,) = q”. 

b) Let X = PZ, K = Z, L = Z/NZ. An element of X(Z/NZ) is a class of 
(n + 1)-tuples (tg :...: tn) € (Z/NZ)"*! such that at least one of the 
coordinates is invertible. Two tuples are equivalent iff their coordinates 
differ by a common factor in (Z/NZ)*. The i* coordinate is invertible 
precisely when the point lies in Spec(A;) (cf. 1.9). It is not difficult to 
count the total number of Z/NZ-points: 


n n p” ei Ne p (rt). 
Card P7(Z/NZ) = N Wess w— Ta- 1.2 
p|N ee 


1.11. Solutions to Equations and Points of Schemes. Solving a Diophantine 
equation or a system of equations is the same as finding a point in a scheme 
of arithmetic type. In fact, a family of polynomials over a ring K, 


HH Genrer oa E KD ineaagd nl (4 Ee I) 


generates an ideala Cc K[T,...,T7,] and for any K-algebra L, the L-points of 
the affine scheme Spec(K[T;,...,Z;,]/a) correspond bijectively to the solutions 
of F; =Oin L”. 
If the F'; are homogeneous then we may consider the corresponding projec- 
tive scheme 
Proj(K[T},...,Tn|/a) 


and its points. For a general algebra L, the relation between L-points and 
solutions here is somewhat complicated. For example if L is the ring of integers 
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in an algebraic number field, then the set of L-points of PZ is related to the 
ideal class group of L. However when L is a field, the L-points correspond to 
non-zero L-valued solutions upto a homogeneity factor. 

Projective space over a field can be obtained from the affine space by adding 
the hyperplane at infinity. Intuitively the transition to projective schemes is 
a kind of compactification. For this reason, projective schemes and varieties 
possess many nice geometric properties which play an important role in arith- 
metical investigations. 


1.12. Chevalley’s Theorem (Borevich Z.I., Shafarevich I.R. (1985), Warn- 
ing E. (1936)). Let X be a subscheme of P over a finite field K = Fj defined 
by an equation F(To,...,TIn) = 0, where F is a form of degree d and n > d. 
Then X(F,) 1s non-empty. 


Denote by Np the number of solutions of F = 0 in F?*", i.e. the number of 
F,-points of the corresponding affine scheme. We shall prove that p| Nr where 
p is the prime dividing q. Since F(0,...,0) = 0, this shows that there must 
also be a non~zero solution. 


Obviously 1 — F(T)?~! is equal to 1 € Fg at the points of (the cone over) 
X and 0 elsewhere. Therefore, 


Ne=Nrmodp= S— (1-F(t)*). (1.4) 
tEA"t1 (F,) 


We now expand the right hand side of (1.4) into a sum of monomials. Most 
of these will add up to zero. More precisely, 


» pet 0 (1.5) 


ter, t? 


unless all the 7, are non-zero and are divisible by g — 1. This can be checked 
for n = 0 directly, and then for general n by expanding the sum in (1.5) into 
the product of n+ 1 factors. 

If a monomial Tf? ... T? appears in the expansion of 1— F(T)?—1, then nec- 
essarily 1; < q—1 for at least one j; otherwise we would have (q—1) deg F(T) > 
n(q — 1) contradicting the assumption that d < n. Hence finally Np = 0, so 
p|Nr. 


1.13. Some Geometric Notions. In this subsection, we shall briefly review 
some notions of algebraic geometry over fields, which will be used later. For 
a detailed treatment we refer the reader to the volumes of this series devoted 
to algebraic geometry. 


i) Every K-variety (a geometric scheme over a field K without nilpotent 
elements in its structure sheaf) is a finite union of its irreducible compo- 
nents. After a finite algebraic extension of the base field AK’, an irreducible 
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ii) 


iii) 
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variety may become reducible (its components may form an orbit with 
respect to the action of an appropriate Galois group). A variety which 
remains irreducible after any algebraic extension of the ground field, is 
called absolutely (or geometrically) irreducible. Each irreducible variety 
has a well defined dimension. 

A point x € V can be singular or non-singular (regular). Amongst the 
many equivalent definitions of regularity, the following is probably the 
shortest: x is regular iff the completion of the local ring O, (with respect 
to the m,-adic topology where m, is the maximal ideal) is isomorphic 
to a ring of formal power series over k(x) = O,/m,. The regular points 
form a Zariski open subset of V. If V is given by a homogeneous equa- 
tion F'(r1,...,%n) = 0 in a projective space, one can obtain additional 
equations for the subvariety of singular points by putting OF (x)/Ox; = 0. 
A point of intersection of two irreducible components is always singular. 
The existence of singular points can drastically change both the geometry 
and the arithmetical properties of a variety. For example, a non-singular 
cubic curve in a projective plane has genus one; its set of rational points 
over, say, Q is quite small (cf. §3 below). When such a curve acquires a 
double point, the genus of its non-singular model becomes zero, and its 
set of rational points becomes much larger. 

A variety V given abstractly by an affine atlas and gluing quia may or 
may not be embeddable in a projective space. A variety which is given as a 
subvariety of a projective space admits in general many more inequivalent 
embeddings. A choice of such an embedding (if it exists at all) is an 
extremely important additional structure. In geometry, it allows one to 
use various induction techniques (fibration by hyperplane sections etc.). In 
algebra, it governs most of the sheaf cohomology calculations via various 
finiteness and vanishing results. In arithmetic the choice of an embedding 
leads to the notion of the height of a rational point, which is used in most 
of the quantitative problems of the Diophantine geometry. 

We therefore say a few words about divisors and invertible sheaves, the 
universally used geometric notions which generalize the ideas of a hyper- 
plane sections and a projective embeddings. 

Let V be a variety. A (Cartier) divisor on V is given in an affine atlas 
V = UU; by a family of elements {f;}, where f; is a rational function on Uj. 
On the intersection U;M Uj, we require that f; = ui; f; for some regular, 
regularly invertible function u;;. Two families {f;}, {g;} determine the 
same divisor if f; = u,g; for all 1, where u; is a regular and regularly 
invertible function on U;. The divisors form a group Div(V) under the 
natural composition: {f;}{g;} = {figi}. Every hyperplane section is a 
divisor. If all the {f;} are regular, the divisor is said to be effective. 

An invertible sheaf on V is a locally free, one dimensional Oy-module CL. 
The set of all such sheaves upto isomorphism forms a group Pic(V) with 
respect to the tensor product. Every divisor D defines an invertible sheaf 
O(D): its sections over U; can be identified with elements of f;Ov,. Vice 
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versa, a meromorphic section of £ defines a divisor D and an identification 
£L = O(D). In this way, we have a surjective homomorphism Div(V) — 
Pic(V). 
A projective space has a canonical invertible sheaf O(1). Each morphism 
y: V — P” determines the invertible sheaf £ = y*(O(1)). The sheaves £ 
obtained from the closed embeddings ¢ are called very ample. L is called 
ample if some positive power of it is very ample. | 

iv) If V is non-singular, one can define the locally free Ox-module of 1- 
forms 24 whose rank is d = dim(V). Its d‘® exterior power wy is called 
the canonical sheaf of V. Its numerical properties have a very strong 
influence on the arithmetical properties of V (cf. the next section). For 
V = P” we have wy = O(-—n-—1), so wy" is ample. Simultaneously the 
set of rational points could not be larger. When wy becomes ample, one 
conjectures that most rational points are concentrated on a proper Zariski 
closed subvariety. 


§2. Geometric Notions in the Study of Diophantine 
Equations 


2.1. Basic Questions. Consider a finite system of polynomial equations over 
Z. As was explained in section 1, such a system defines an arithmetic scheme 
X , its set of integral points X(Z) and sets X(L) for more general rings L, for 
example, rings of integers O of algebraic number fields. 

In number theory, we are most interested in the properties of X(Z) and 
X(O). Algebraic geometers study the properties of the algebraic varieties 
X(C) (or, more generally, X(K) for various algebraically closed fields). Ge- 
ometric methods in the theory of Diophantine equations are used in order 
to relate the geometry of X(C) (or X(K)) to the arithmetical properties of 
X(Z). 

Such methods are most successful for congruences, that is schemes over 
finite fields. A.Weil in his famous note (Weil A. (1949)) formulated several 
conjectures concerning the numbers of points of such schemes and suggested 
that there should exist a cohomology theory in finite characteristic such that 
a Lefschetz type theorem in this theory would imply (a part of) these con- 
jectures. A.Grothendieck and his collaborators developed such a cohomology 
theory, and P.Deligne accomplished the realization of Weil’s programme by 
proving the Weil—Riemann conjecture in full generality. In Chapter 4 §1 we 
shall briefly describe these results and discuss what kind of arithmetical in- 
formation about X(Z) is encoded in the geometry of the collection of all 
reductions X mod p. 

This section will be devoted to a qualitative description of some known 
connections between geometry and arithmetic in the characteristic zero case. 
Given an arithmetic Z-scheme X, we can ask the following questions: 
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A) Is X(Z) non-empty ? 
B) Is X(Z) finite or infinite ? 
C) If X(Z) is infinite, what is the order of growth of 


N,(H) := Card {x € X(Z)|h(x) < A}, 
where A is a certain “height” function, e.g. in coordinates, 
h(x1,.-.;2n) = max(log |z;|). 


D) Can one describe in some sense the total set X(Z) as a finitely generated 
structure ? 


First of all, one can interpret these questions as asking for algorithmic so- 
lutions. Obviously, this can be achieved only for restricted classes of schemes, 
since Matiyasevich’s theorem establishes the algorithmic unsolvability of ques- 
tion A). More generally, one can try to prove conditional statements of the 
type “if X(C) has such—-and-such geometric properties (is a one-dimensional 
irreducible non-singular variety, projective algebraic group, flag space ...), 
then X(Z) (or X(©)) has such—and-such arithmetical properties (is finite, 
finitely generated; N;,(H) grows as a power of H...)”. 

Below we shall briefly discuss some results of the latter type, grouping 
them around questions A) — D). We shall mainly be concerned with projective 
varieties X defined over a finite extension K of Q. In this case the K-points 
of X coincide with its O-points, so we shall speak about X(K) rather than 
X(Q). 


2.2. Existence of Rational Points and Obstructions to the Hasse Principle. 
Consider a class V of varieties over K. There is an obvious necessary condition 
for X(K) to be non-empty, namely that X(K,) 4 @ for every completion K, 
of K. If this condition is also sufficient for all X € V, we shall say that V 
satisfies the Hasse (or Minkowski-Hasse) principle. 

Using the circle method one can prove the Hasse principle for complete 
intersections in projective spaces whose dimension is sufficiently large with 
respect to the degree. B.J.Birch (1962) has proved the following general result. 
Let X Cc P"~! be given by h equations. Assume that the dimension of the 
subvariety of singular points of X is less than 


n—1—h(h4+1)(d—-1)2771. 


If there is a non-singular K,-point of X for all v, then X(K) is non-empty. 

In particular, it follows that in the class of non-singular projective hy- 
persurfaces the Hasse principle holds a) for quadrics of dimension > 3 (with 
number of variables n > 5); b) for the intersection of two quadrics of dimen- 
sion > 10 (n > 13); c) for cubic hypersurfaces of dimension > 15 (n > 17). 
One conjectures that this is true for n > 9 in case b) and n > 10 in case c); 
this last conjecture was recently proved over Q by Ch. Hooley (1988). 
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The best known results for the case b) are due to J.-L. Colliot-Théléne, 
J.—J. Sansuc, and P. Swinnerton—Dyer. 

Of course, the case of quadrics is classical. For cubic forms in 3 and 4 
variables one knows non-trivial additional conditions for X(K) # @ when 
X(K,) 4 9 for all vs. These additional conditions require the vanishing of the 
Brauer—Manin obstruction to the Hasse principle. 

This obstruction was constructed in Manin Yu.I. (1970b), (1972b). It is 
based on the Hasse—Minkowski principle for the Brauer group over a num- 
ber field (see in 85 of the previous Chapter, the exact sequence (5.42)), and 
Grothendieck’s generalization of the Brauer group for schemes. Loosely speak- 
ing, for a scheme X over a field K, an element a € Br(X) is represented by 
a family of semi-simple algebras parametrized by X. In particular, for any 
extension field ZL > K and an L-point x € X(L), one can define in a natural 
way the specialization a(x) € Br(L) with obvious functorial properties. 

Now, if X(K,) 4 @ for all v then X(A) 4 @, where A is the adéle ring of 
kK. Assume that for every adéle (z,) € X(A) there exists an a € Br(X) such 


that 
S inv, (a(zy)) # 0. 


Then no (z,) can belong to X(K). Hence X(K) is empty. 
One of the simplest examples in which the Brauer—Manin obstruction is 
non-trivial, is furnished by the projective cubic surface V over Q: 


3 
Z(X + Z)(X +2Z) =|] (xX + oY +072), 


ql 
where 6%) are the three roots of 
6° +7(8+1)7 =0 


(this example is due to Swinnerton—Dyer). Its set of adélic points is non- 
empty. 

A local analysis shows that one can construct two elements a1,a2 of the 
Brauer group of this surface with the following properties: i) if v # 7, the local 
invariants of a;(x,) vanish for every x, € V(Q,); ii) for every x7 € V(Q7), we 
have either inv7(a,(x7)) # 0, or inv7(a2g(x7)) # 0. Hence the Hasse principle 
fails for this surface. 

J.-L. Colliot-Théléne, J—J. Sansuc and D.Kanevsky have compiled a table 
of diagonal cubic surfaces aX?+bY%+cZ?+dU? = 0 with integral coefficients 
in the range [—500, 500] having rational points everywhere locally, for which 
the Brauer—Manin obstruction vanishes. A computer search has shown that all 
these surfaces have rational points. One might therefore conjecture that the 
vanishing of this obstruction implies the existence of a rational point for all 
diagonal cubic surfaces, or perhaps all non-singular cubic surfaces, or even all 
non-singular rational surfaces (i.e. those admitting a birational parametriza- 
tion by two independent parameters over C). This conjecture has been proved 
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for the so called generalized Chatelet surfaces given by an equation of the form 
y? — az* = P(x), where a is not a square and P is a polynomial of degree 
three or four. 

The Brauer—Manin obstruction has been thoroughly investigated for three 
classes of varieties: i) rational surfaces; ii) principal homogeneous spaces of 
linear algebraic groups, especially algebraic tori; iii) principal homogeneous 
spaces of elliptic curves and more generally Abelian varieties. Historically, iii) 
was the first example. However, it appeared in a different form in the theory 
of the Shafarevich-Tate group, whose classical definition will be given in the 
next section. The connection with the Brauer—Manin obstruction is explained 
in Manin Yu.I. (1970a). 

J.-L. Colliot-Théléne and J.-J. Sansuc have developed a geometric version 
of this obstruction, which is called the descent obstruction. 

Assume that for a variety X over K we have somehow constructed a family 
of dominating morphisms f; : Y; ~ X such that X(K) =U fi(Vi(K)). Then 
one can establish that X(K) is empty by showing that for each Y; there exists 
a completion K,(;) such that Y;(A,,;)) = @. On the other hand, if X(K) is 
non-empty, and the Y; are in some sense simpler than X, e.g. rational, one 
obtains an explicit description of the set X(K). 

Colliot-Théléne and Sansuc have developed a systematic way of construct- 
ing such families, based on the notion of a torsor. They have shown that 
for non-singular rational varieties these descent families have the following 
properties: 


a) The descent obstruction vanishes iff the Brauer-Manin obstruction van- 
ishes. 
b) The Brauer—Manin obstructions for the descent varieties Y; vanish. 


For further details see Manin Yu.I., Tsfasman M.A. (1986), Colliot-Théléne 
J.-L., Sansuc J.-J. (1980), (1987), and other papers quoted there. 


2.3. Finite and Infinite Sets of Solutions. Algorithmically, the question 
whether X(K) (or X(O)) is finite or infinite is just as hopeless as the empty- 
ness /nonemptyness question. In fact one can construct a family X; depending 
on t € Z such that the set {t|X;(Z) is finite} is random in a strong techni- 
cal sense of the word. However, in many cases this question can be settled 
by methods from algebraic geometry. First of all, the case of smooth projec- 
tive curves over an algebraic number field K is qualitatively described by the 
following results. 


i) Let X be acurve of genus zero. Then X(K) = 0 iff X(K,) = 0 for some 
completion of K. Actually, X can be given by a homogeneous quadratic 
equation in P2.: 

aX? + bY*+cZ* =0. 


The local conditions can be checked algorithmically. If X(K) 4 @ then X 
is isomorphic to P},, so X(K) = K U {oo}. 
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ii) If X is of genus 1 then X(K) can be empty, finite or infinite. Even over 
Q, one does not know a provably correct algorithm allowing us to dis- 
tinguish between these cases. However, there are algorithms that work 
in practice. In Manin Yu.I. (1971) an algorithm was suggested to answer 
the finite/infinite question when it is known that X(K) is non-empty. 
If one assumes certain general conjectures on elliptic curves (the Birch- 
Swinnerton—Dyer conjecture and the Taniyama—Weil conjecture, cf. the 
next section, and Manin Yu.I. (1971)), then one can deduce the correct- 
ness of this algorithm. 

Moreover X(L) always becomes infinite over an appropriate finite exten- 
sion of K. 

iii) If X is of genus > 1 then X(K) is always finite. This is the famous Mordell 
conjecture, proved by G.Faltings. For more details see the following two 
sections. 


Let now Y be a higher—dimensional variety over K. Then Y (XK) is infinite 
if there is a non-trivial rational map f : X — Y, where_X is a curve of genus 
0 or 1 with X(K) infinite. Such a map can often be constructed by geometric 
methods. 


Examples. 
a) Every a € K* can be represented in an infinite number of ways as a sum 
of three cubes in K. In fact, one representation is given by the identity 


3 

= (sacar) ((a° = 3°) 3 te (—a° af 3°a + 3°)° ee (3°a? + 3°a)3). 
Moreover, for any. non-singular cubic surface Y and any point y € Y(K), 
denote by X(y) the intersection of Y with the tangent plane to Y at y. If 
y does not belong to a line in Y then X(y) is a plane cubic curve with a 
double point at y. Hence it has genus zero and a rational point (cf. Part 
I, Chapter 1, §3). (This argument must be modified in certain degenerate 
cases). 

b) Euler conjectured in 1769 that the equation 


X* 4744 Z* =U" (2.1) 


has no non-trivial integral solutions. This conjecture was disproved by 
N.D.Elkies (1988). He found a solution 


26824404 + 153656394 + 187967604 = 20615673* 


and proved that there are in fact infinitely many solutions by constructing 
an elliptic curve lying on (2.1) with infinitely many points. 

Of course, we can find even more points on Y. if we manage to construct 
maps P” — Y or A— Y, where A is an Abelian variety with large A(K) 
etc. Many geometric methods for such constructions are known. 
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One should mention one more method of proving that Y(K) (or Y(Z)) 
is infinite: if Y has an infinite automorphism group G, an orbit Gy of a 
point y can be infinite. A good example of this is furnished by the Markov 
surface 

ty? +27 = 3zryz. (2.2) 


It has an infinite automorphism group generated by S3 (coordinate per- 
mutations) and three involutions (replace one coordinate by the second 
root of (2.2) as the quadratic equation with respect to this coordinate). 
The orbit of (1,1,1) with respect to this group coincides with the set of 
all solutions of (2.2). 


2.4. Number of Solutions with Increasing Height. Let us start with a heuris- 
tic argument. Consider a system of equations 


FA Dishes te) SO, CS di cosgan, (2.3) 
where F; is a form of degree d; with integral coefficients. Put 
N(H) = Card {(z0,...,2n) € Z"*"|H (x) := max(|x,|) < H}. 


To guess the order of growth of N(H), we may argue as follows. First note 
that there are about H"*+! points in Z"*! whose heights are < H. Secondly 
F, takes roughly H% values at these points. If the probability of taking the 
zero value is about H~%, and if these events are independent for different 7’s, 
we shall have | 

N(H) & oH" Da, (2.4) 


The power in the right hand side of (2.4) has a nice geometric interpreta- 
tion: if the projective variety V defined by (2.3) is a non-singular complete 
intersection, then its anticanonical sheaf Wy is given by the following formula: 


wy = O(nt+1- S~ di), 


where O(1) is induced on V by Opn(1). Hence we can reformulate (2.4) in a 
more general and a more cautious way, taking into account various counter— 
examples to the over—-optimistic formulation (2.4): we expect the order of 
growth of N(H) to be H*, a > 0 when wy’ is ample and O(H®) for any 
€ > 0 when wy is ample, if one deletes from V some “point—accumulating” 
subvarieties, and if one passes to a sufficiently large ground field. 

These conjectures were stated in a precise form by V.V.Batyrev and 
Yu.I.Manin. We shall add some comments without going into much detail. 


a) To obtain a stable picture, we must go to finite field extensions. Otherwise 
even curves of genus zero may fail to have points. 

b) We must also try to measure the height with respect to an arbitrary 
invertible sheaf, not only Wy". The latter could for example be zero, and 
is not in general ample. 
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Both problems are solved by the following definition of height, which is a 
modernized version of the old construction due to A.Weil. Let V be a pro- 
jective algebraic variety over a number field K and C an invertible sheaf on 
V. Consider all completions K, of K. Denote by |-|, : AK — R the local 
norm which is the scaling factor of an additive Haar measure with respect 
to multiplication by elements of K,. We have the classical product formula 
[L, |zlv = 1 for all zg € K%. If A is a one dimensional vector space over K, 
l| - lv: A — R denotes a norm such that |] aA ||,= Jal. |] 2 ||, for alla € K and 
A € A. The invertible sheaf £ can be considered as.a family of one-dimensional 
spaces parametrized by V, and one can define an admissible metrization as a 
family of metrics || - ||, for all v, on each fiber of £, with natural continuity 
properties (cf. Lang S. (1983)). Given such a metrized sheaf L = (ZL, || - ||,), 
the height with respect to it is a function Hy, : V(K) — R defined by the 
following formula: 


Hy (z) = [| Il s(x) la’, (2.5) 


where s is a local section of £ not vanishing at x. (Its choice is irrelevant due 
to the product formula). 

For a list of properties of heights, we refer the reader to Lang S. (1983). 
We mention only the following ones: 


i) Uptoa function of the type exp(O(1)) Hz, does not depend on the choice 
of metrization and is multiplicative in £. We shall therefore write H- 
instead, if we are interested only in questions invariant with respect to 
such choice. 

ii) If £ is ample then the number 


Nv(£L; H) = Card {x € V(K) | H¢(z) < AH} 


is finite for every H. 
iii) We have 
Np» (wy'; H) = cH(1 + o(1)) (2.6) 


for all n > 0 and number fields K (this is Schanuel’s theorem, Schanuel 
S. (1979)). 
iv) A natural generalization of (2.6) is the following 


Linear Growth Conjecture (Yu.I.Manin). Ifw7* is ample then (2.6) holds 
for points over a sufficiently large ground field lying outside of a finite number 
of proper subvarieties. 


Both provisos are already necessary for cubic surfaces: the conjecture 
certainly cannot be true for surfaces without rational points or for surfaces 
containing rational lines unless these lines are removed. Whether it is true 
as stated is unknown at the time of writing. 

v) It is however known that if w7" is ample then 
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Nu (L;.H) > cHBY”) 


for any dense Zariski open subset U C V, sufficiently large K, and some 
positive constants c > 0, 6(U,L) > 0. This follows from the Sh.Mori’s 
theorem that a rational curve passes through each point of V. Batyrev 
and Manin state some precise conjectures about the best possible values 
of G(U, L) and relate them to Mori’s theory. 


2.5. Height and Arakelov Geometry. S.Yu.Arakelov (1974) had the brilliant 
idea of considering Hermitean metrizations of various linear objects related 
to algebraic varieties (invertible sheaves, tangent bundles etc.) in order to 
compactify arithmetic schemes over number fields at the arithmetical infinity. 
In particular, each curve has a well defined minimal model over O which is 
called an arithmetical surface (since we added an arithmetical dimension to 
the geometric one). Adding metrics at infinity to this, Arakelov developed the 
intersection theory of arithmetical divisors. Heights in this picture become 
the (exponentiated) intersection index, see Arakelov S.Yu. (1974b), Lang S. 
(1988). 

This theory was vastly generalized by H.Gillet and C.Soulé ((1988), (1989)), 
following some suggestions in Manin Yu.I. (1985). Figure 15 is a visualization 
of a minimal arithmetical surface (this notion was defined and studied by 
I.R.Shafarevich cf. Shafarevich I.R. (ed.) (1965), Shafarevich I.R. (1966)). 

Its fibers over the closed points of Spec(©) can be non-singular (“non- 
degenerate”, or with “good reduction” ) or singular (having “bad reduction”). 
Rational points of the generic fiber correspond to the horizontal arithmetical 
divisors; there are also vertical divisors (components of closed fibers) and “ver- 
tical divisors at infinity” added formally, together with an ad hoc definition 
of their intersection indices with other divisors defined via Green’s functions. 

Arakelov’s picture played a prominent role in Faltings’ proof and the sub- 
sequent development of his work. One of the most promising recent devel- 
opments is the conjectural “arithmetical Bogomolov—-Miyaoka—Yau inequal- 
ity” which in the geometric case reads as c? < 3c 9. This was formulated by 
A.N.Parshin (1986) who: has shown that it implies many previous conjectures 
in Diophantine geometry, including even the Fermat conjecture. 


§3. Elliptic Curves, Abelian Varieties, and Linear Groups 


3.1. Algebraic Curves and Riemann Surfaces. An algebraic curve is a one- 
dimensional algebraic variety over a field AK. Usually we shall tacitly assume 
it to be irreducible. Every algebraic curve can be obtained by deleting a finite 
number of points from a projective curve. For every projective curve C’, there 
exists a non-singular projective curve C’ and a morphism C’ — C’ which 
is an isomorphism outside of singular points of C. The curve C” is called a 
(complete) non-singular model of its function field. It is uniquely defined (upto 
isomorphism) by this function field. 
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Fig. 15 


The genus g of a projective non-singular curve C’ (and its function field) 
can be defined (or calculated) in many ways. Here are some of them: 


i) It is the dimension of the space [’(w) of regular differential 1-forms on C’ 
(the differentials of the first kind). 

ii) If kK =C then g is the topological genus (the number of handles) of the 
Riemann surface C(C) of complex points of C. 

iii) Consider a projective embedding C Cc P%. In general one can take n = 3 
but not n = 2: our curve may have no non-singular plane model. However, 
C always has a plane projection with only simple double points. Let d be 
its degree and v the (geometric) number of double points. Then 


_ (d—1)(d — 2) 
ge 


The basic theorem on algebraic curves is the Riemann-Roch theorem. To 
state this theorem we require some definitions. 

Let D be a divisor on C’. It has a degree deg(D): a Cartier divisor on 
a non-singular curve can be identified with a formal linear combination of 
(geometric) points, and the degree is the sum of the coefficients of this linear 
combination. 

Recall that each invertible sheaf £ is isomorphic to a sheaf of the type O(D) 
(cf. 1.13). Although D is not uniquely defined by CL, its degree is. We may 
therefore define deg(L) = deg(D). In particular deg(wc) = 2g — 2, where g is 
the genus of C’. A divisor K = Kc such that w = O(K) is called a canonical 
divisor. A sheaf £ is ample iff its degree is positive. 

For a divisor D, put 1(D) = dim I'(O(D)). The Riemann—Roch theorem 
for curves can be stated as follows: 


l(D) —l(K — D) = deg(D) —g +1. (3.1) 
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3.2. Elliptic Curves. We shall call a non-singular projective curve X of 
genus one with a non-empty set X (K’) of K-points an elliptic curve. An elliptic 
curve has exactly one (upto constant factor) differential of the first kind. The 
divisor of this is zero. In other words wx & Ox. From the Riemann-Roch 
theorem (3.1) it follows that I(D) = deg(D) for deg(D) > 1. We can use this 
to show that i) X is an algebraic group; ii) X is isomorphic to a plane cubic 
curve. To prove i) choose a point o € X(K). For any two points z,y € X(K) 
let D=x+y-—o. Since deg(D) = 1 we have I[(D) = 1. It follows that there 
exists a unique (upto constant factor) function f whose divisor is r+y—o-z. 
Define x * y := z. One can check directly that * is a commutative group law 
on X(K) (with identity o). Actually, one can ameliorate this construction in 
order to define the algebraic addition law which is a morphism * : X x X — X, 
verifying the standard axioms. 

To prove ii) choose a non-constant section f € £(20). Then f has a pole of 
order precisely two, since sections of £(o) are constants. Furthermore [(30) = 
3, so there is a section h € L(30) with a pole of order three at o. From f and 
h we can construct seven sections of £(30): 1, f, f?, f°, h, fh, h?, whereas 
l(60) = 6. Hence these seven sections are connected by a linear relation 


ag taif +agf? +agf? + boh + bi fh + beh? = 0. (3.2) 


Equation (3.2) defines a smooth affine cubic curve. Its projective completion 
is a non-singular projective plane model Y of X. The identity point o € X(K) 
corresponds to the infinite point (0 : 1: 0) of Y, and the group law * becomes 
the law described in Part I, 1.3.2 in terms of secants and tangents. 

Making additional linear changes of variables we may reduce (3.2) to one 
of the following (Weierstrass) normal forms. 


a) If char(K) 4 2,3: 
y>=2°+ar+b (abe K), (3.3) 


where the polynomial on the right hand side has no multiple roots. 
b) If char(K) = 2: 


y>ty=23+axr+b (abe K). (3.4) 


Here the polynomial may have multiple roots. 
c) Ifchar(K) =3: 


y27=a%+azr*+br+c (a,b,c€e K). (3.5) 
Here the right hand side has no multiple roots. 


The proper Weierstrass form (in the case (3.3)) is 
y* = 4x° — gor ~ gz. (3.6) 


The discriminant 
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A = 93 — 2793 (3.7) 


does not vanish. The coefficients go and g3 are defined upto the substitution 
go ++ u*go, g3 > u®g3 with u € K. The modular, or absolute invariant 7 of 
our elliptic curve is defined to be 


693 93 93 
) = 293° ——————_; = 1728—. 3.8 
: 93 — 2793 A Be) 


Two elliptic curves have the same absolute invariant iff they become isomor- 
phic over an algebraic closure of the ground field K. The classical Weierstrass 
form (3.6) emerged in the theory of complex parametrizations of the complex 
elliptic curves. 

The Riemann surface E(C) of an elliptic curve E defined over C, is a 
complex torus, that is, a quotient C/A where A is a lattice 


A= {z=ny + net|n1,n2 € Z, Im(r) > Of. (3.9) 


The connection between this analytic description of F and an algebraic one is 
based on the identification of rational functions on E with A-periodic mero- 
morphic functions on C, i.e. elliptic functions. 

Weierstrass considered the following basic functions: 


plz) = (2,4) = + 0! ( ~ 5] (3.10) 


(prime denoting w # 0); 


o'(z) = p'(z,A)=-2)0 fom (3.11) 


weEA 


These series converge absolutely outside A and define elliptic functions. The 
set of all elliptic functions with periods A forms a field which is generated over 
C by ¢(z) and g’(z). These two functions are related by the equation 


g’(z)? = 49(z)? — go@(z) — 9s, (3.12) 
where ; 
g2 =605— ‘Gr 93 = 140 > ac (3.13) 
weEA WweEA 


Now if an elliptic curve E, C P2 is defined by the equation (3.6) with go and 
g3 from (3.13), we can define a map 


C/A > E,(C) (3.14) 


for which z +> (g(z) : g’(z) : 1) when z is not in A. The point 0 is mapped to 
the infinite point (0:1:0). 
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The map (3.14) is a complex analytic isomorphism. In order to define its 
inverse, consider the differential of the first kind 


dz/y = dx//4x? — gox — gs (3.15) 


on the Riemann surface E,(C). We integrate this form over a path joining a 
fixed initial point (say, o) with a variable point. 

The integral depends on the choice of path, but its image in C/A is deter- 
mined only by the endpoints. 

According to a classical theorem due to Jacobi, the discriminant A = A(r) 
of #, can be expressed via A as 


A = (2n)'*q |] (1-9) = (20)? S_ r(n)q” (3.16) 
m=1 n=0 


for all r € C with Im(r) > 0, q = exp(2z7ir). The function 7(n) is called 
Ramanujan’s function. Its first few values are 


r(1) =1, 7(2) = —24, 7(3) = 252, 7(4) = —1472. 
The absolute invariant of £, is by definition 


= 172893 (7m)? 


a(T) A(r) =q '+7444 S- e(n)q”, (3.17) 


n=1 


where c(1) = 196884, c(2) = 21493760,.... One can prove that j(7) takes all 
complex values, which shows that that every elliptic curve over C is isomorphic 
to E, for an appropriate T. 


Two curves £,,F,: are isomorphic iff 7’ = orth for some matrix & ) € 


SL(2, Z). In fact, a complex analytic isomorphism C/A > C/A’ is necessarily 
induced by multiplication by some u € C*. Therefore, A; = uA;/, so that 
(u,uT’) is a basis of A; and u = cr+d, ur’ = ar+b. The linear transformation 
is unimodular because (1, 7’), (u, ur’) and (1,7) all define the same orientation 
of C. We therefore have 


go(t’) = u*go(T), 93(7’) = u°ga(r). (3.18) 


To sum up, isomorphism classes of elliptic curves over C correspond bijectively 
to points of the quotient space §/I’, where is the upper half plane 


H = {r € C|Im(r) > 0}, (3.19) 


and the modular group 
I = SL(2, Z) (3.20) 


acts on § by fractional linear transformations. 
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The isomorphism C/A, — E,(C) is also compatible with the natural group 
structures. In terms of elliptic functions, this is reflected in the addition the- 
orem for elliptic functions: 


1 /@'(z1) — @'(z2) \" 
4 ( (21) — (22) 


In terms of the coordinates (zx, y) satisfying (3.6), we have 


lfyi-y : 
y= —-m~y +5 (BoB) 


¢o(z1 + 22) = —@(21) — (22) + (3.21) 


4\ 21-22 


where 
P, = (£1, w1), P2 = (X2,w2), P3 = P, * Po = (3, ws). 


Topologically, C/A is a surface of genus one. It can be obtained from the 
parallelogram {u; + ueT | 0 < uj, U2 < 1} by identifying the opposite sides 
(cf. Fig. 16). 


Fig. 16 


Points of finite order. Let E be an elliptic curve defined over a field A. For 
an integer n denote by E,, the kernel of the map which multiplies each point 
by n: 

ng: E(K)—-> E(K),  neg(t) = nt. (3.22) 

If EF is defined over C then the isomorphism C/A = E(C) shows that 

E, = Z/nZ x Z/nZ. 


In fact E,, corresponds to the subgroup + A/ Ac C/A. For example 2-torsion 
points are represented by 0, 1/2, 7/2, (1+ 7)/2. It follows that (3.14) maps 
1/2, 7/2, (1+ 7)/2 onto (x;,0) for i = 1, 2, 3, where z; are the roots of the 
polynomial 42° — gx — g3. In other words, 


g'(1/2) = p'(7/2) = e'((1 + 7)/2) =0, 
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and 
4x° — gox — g3 = 4(x — €1)(x — €2)(x — es), 
where 
e,= (1/2), e2=p'(7/2), e3 = @'((1+7)/2). 
The 3-torsion points have a nice geometric interpretation: they are the 
points of inflection of the projective Weierstrass model. 


For any ground field K, the morphism ng has degree n?, and if (char K,n) = 
1, we still have 


E(K)n &Z/nZ x Z/nZ. (3.23) 
However for char(K) = p and n = p™ we have 
E(K)n = (Z/p™Z)"*, (3.24) 


where yg = 0 or 1, (cf. Lang S. (1973), (1983)). 

Assume that (char(K),n) = 1. The field K(E,,), generated by the co- 
ordinates of all points of E,, is a Galois extension of K and the action of 
Gal(K/K) on E(K)n & Z/nZ x Z/nZ determines a representation 


pn : Gal(K/K) + GLo(Z/nZ) (3.25) 


whose image is isomorphic to Gal(K(E,)/K). The field K(E,,) can be re- 
garded as an analog of the cyclotomic field K(¢,,). However it is not in general 
Abelian; only for the so called complex multiplication curves is the analogy 
really far-reaching. This is a basic example of the kind of construction made 
in Abelian and non—Abelian class field theory. 

It is known that the representation det (p,,) is the cyclotomic character of 
Gr = Gal(K/K); that is, it corresponds to the action of Gx on the group [Un 
of n** roots of unity. Actually these roots are contained in K(E,,), and Ep is 
endowed with a canonical non-degenerate alternating Weil pairing 


en: E(K)n X E(K)n — Ln- (3.26) 
compatible with the action of Gx. This is defined purely algebraically, with the 
help of the functions fp, P € E(k) such that div(f) = nP — no. Calculating 
the pairing for an elliptic curve EF over C, given by a period lattice A, we 
obtain 

€n((a + b7)/n, (c+ dr)/n) = exp(27i(ad — be) /n). (3.27) 
The fundamental arithmetical property of elliptic curves defined over an 
algebraic number field K is the following result. 


The Mordell—Weil Theorem (Weil A. (1979b), Lang S. (1983)). The 
Abelian group E(K) is finitely generated, that is 


E(K) & E(K )tors BZ", (3.28) 


where E(K)tors is a finite (torsion) group, and rg is an integer > 0, called 
the rank of E over K. 
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This theorem is proved in two steps. One first shows that E(K)/nE(K) is 
finite (for some, or every n > 2). Then one uses a descent argument based on 
the following property of logarithmic heights h(P): h(P) < const +n7*h(nP+ 
Po) for a fixed Po, variable P and a constant independent of P. 

The weak finiteness theorem for F(/-)/nE(K) can be established by a kind 
of Kummer theory for K(E,). 

Consider the extension K (+ E(K)) of K(En). One proves that this is a finite 
Abelian extension whose order divides n. This can be deduced from Hermite’s 
theorem on the finiteness of the number of extensions of a fixed number field 
having prescribed degree and ramification points. In order to apply Hermite’s 
result one must check that every ramified prime either divides n or is a point 
of bad reduction of E. 

Now consider the exact sequence 


0— E, — E(K)—>E(K) = 0. (3.29) 
This gives rise to an exact sequence of Galois cohomology groups 
E(K)>E(K) > H"(Gx, En) > H"(Gx, E(K))>H" (Gx, E(K)) 
which can be rewritten as 
0 > E(K)/nE(K) > H'(Gx,E,) —~ H'(Gxr, E(K))n — 0. (3.30) 


Although the group H!(Gx, En) is infinite, the image of E(K)/nE(K) is 
contained in a finite subgroup, which we shall describe in geometric terms. 

An element a € H!(Gx, En) corresponds to an n-fold covering of E over 
K, that is to a map a: C — E of algebraic curves, which becomes isomorphic 
ton: E®K — E@K when the ground field K is extended to K. Given 
such a covering, one constructs a 1—-cocycle by choosing a point P € E(K), 
an inverse image Q = a~!P, and a point Q, € E(K), which corresponds to 
Q under a structure isomorphism C(K) & E(K). Then one defines a as the 
class of the cocycle: 


THA =Q1-Q,€ En (09 € Gx) (3.31) 


(subtraction refers to the group law on E; we shall later on denote it by + 
instead of *). Elements G € H!(Gx,E(K)) are interpreted as isomorphism 
classes of the principal homogeneous spaces X of & over K, that is, curves X 
given together with group actions & x X — X which become isomorphic to 
the addition morphism of EF when the ground field is extended to kK. Given 
such an X, choose a point P € E(K), a point Py € X(K) corresponding to 
P under a structure isomorphism, and define a cocycle 


a+ 8,=P,—PPEE(K) (c€ Gx). (3.32) 


A different choice of P leads to a cohomological cocycle. The cohomology class 
is trivial iff X has a rational K-point. This establishes a direct connection 
between Galois cohomology and Diophantine geometry. 
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The exact sequence (3.30) can be conveniently described in this setting. A 
point P € E(K) determines an n-covering 


tpng: E> E’, (3.33) 


where tp is the translation by P. Now choose a point Q € E(K) such that 
nQ = P. Then tpn = ntg, so that the translation tg: E@ K += E@K is 
a K-isomorphism of algebraic curves, turning (3.33) into multiplication by n. 
Therefore, our n-covering becomes trivial over K’ = K(+E(K)). Hence its 
class belongs to the finite subgroup 


M,, = Infl(H1(G(K'/K), En)) C H'(Gx, En), 


whose order can be bounded in terms of the degree and ramification of K’. 
This finishes the proof of the weak Mordell—Weil theorem. 

The descent argument proceeds as follows: choose a finite number of rep- 
resentatives 


ree oe 
of E(K)/nE(K). There is a constant C such that if h(P) > C, then 


h (i = P) | < h(P), 


where P; is congruent to P modulo n. Hence P can be represented as a linear 
combination of 


Pi,...,Ps 


and points of height <C whose number is finite. 

The exact sequence (3.30) can be used to obtain upper bounds for the rank 
rg. In fact, if n = p is a prime and M is a finite subgroup of H'(Gx, Ep) 
containing the image of E(K)/pE(K) then (3.30) shows that 


TE < rkz/pz(M) <= kz /pz(E(K)p). (3.34) 


Any improvement on this bound would require an understanding of the cok- 
ernel of the map 


E(K)/pE(K) > M. 


In order to choose a small, well-defined M, it is convenient to apply the 
usual local—to—global constructions. For each place v of K, choose an exten- 
sion w of v to K and denote by G, C Gx the corresponding decomposition 
subgroup G, ~ G(K,,/K,). Then for an arbitrary Gx-module A we have 
restriction homomorphisms H*(Gx,A) — H*(G,, A). In our setting, these fit 
into the commutative diagram 
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0+ E(K)/nE(K) — H(Gx,En) : H'\(Gx,E(K)),n 0 


{ B=]], bv | 


0—- I], E(u) /nE(K) =e I], 2° (Gv, En) =" Il, 4’ (Gx, E(Kw))n = 0 


in which £, denotes the composition of the restriction morphism and the 


morphism induced by the inclusion E(k) — E(K,). 
Put now 


IW (£,K) = |) UWI(E,K),n, Il (E,K)n = Ker(). (3.35) 
neN 


This group is called the Shafarevich-Tate group of E over K; its interpre- 
tation in terms of the Brauer group and connection with the Brauer—Manin 
obstruction is explained in Manin Yu.I. (1970b). In our setting, an element of 
UI (£, K) corresponds to a principal homogeneous space of E& over K (up to 
isomorphism) which has a K,-point in every completion of K. 

The group : 


(and the inductive limit of these groups over all n) is called the Selmer group of 
FE. An element of S(E, kK), can be interpreted as (the class of) an n-covering 
C' — F such that C' has a K,-point in each completion K, of K. By definition 
we have an exact sequence 


0 E(K)/nE(K) > S(E, K)n > I (E, K)n — 0. (3.37) 


One can say that LI (E, K) is a cohomological obstruction to a calculation of 
E(K). There is a conjecture that II (E, K) is finite. This was recently proved 
by K.Rubin (1987) for certain curves with complex multiplication, and by 
V.Kolyvagin (Kolyvagin V.A. (1988)) for a class of curves uniformized by 
modular curves. We shall return to this question in Chapter 4 in connection 
with zeta—functions and modular functions. 

We now consider in more detail the properties of the height function hp: 
E(K) — R corresponding to a divisor D, or, equivalently, to the invertible 
sheaf O(D) of degree d on an elliptic curve E. Since the degree of the map 
ng is n?, one can check that 


hpong~ n*hp. (3.38) 


More precisely the following limit exists: 


hp(z) = slim h p(2% x) /2?%. (3.39) 


This limit hp is called the Néron-Tate height. 
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If the divisor D is ample (see 1.13) then hp is a quadratic form on E(K), 
which is positive definite modulo torsion. Moreover its natural extension 


hp: E(K)®zR—-R 


is of the form dbp, where d = deg(D) and bg is a positive definite quadratic 
form independent of D. The kernel of the natural map E(K) — E(K) @z 
R is the finite torsion subgroup E(k‘)tors; its image is a lattice in the rg- 
dimensional Euclidean space with the scalar product 


< P,Q >= 5 |bo(P + Q) — bo(P) — b0(Q) ]. 


RO | eS 


Therefore, the region hp < log(B) in this space is a ball of radius (d~! log( B 
))!/2. The number of points in this ball is asymptotically proportional to its 
volume, that is const: (log(B))"/?. The constant in this expression depends on 
the volume of a fundamental domain for the lattice E(k) mod torsion, that 
is, on the regulator of E over K: 


H = H(E, K) = det (< P,, P; >)'”. (3.40) 


B.Mazur has proved that Card(£(Q)tors) is bounded (cf. Mazur B. (1977)). 
For general number fields K this is only known for each p-component of the 
torsion subgroup (Yu. Manin). Actually Mazur showed that E(Q)tors is always 
isomorphic to one of the following fifteen groups: 


Z/mZ (m<10,m=12), Z/2Zx Z/2vZ (v < 4). 


All these groups arise in this way. 

It is conjectured that there are elliptic curves of arbitrarily large rank over 
Q. J.-L. Mestre constructed curves of rank rg > 14 (Mestre J.-L. (1982)), by 
choosing equations in such a way that their reductions modulo many primes 
p have as many points modulo p as possible. 

A concrete example of a calculation of the group E(Q) is given in Mazur 
B. (1986). Consider the curve 


E : —206y? = 2° — 2? +1/4 


and three points on it 


Point z y Néron — Tate height 
P, —15/8 7/32 1.52009244 
P, —55/8 43/32 2.05430703 


P;  —55/98 47/1372 2.42706090 
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A descent argument shows that re < 3, and a height computation allows 
one to conclude that P,, P2, P3 are linearly independent generators of E(Q) = 
Z?; The absence of torsion can be checked by p-adic calculations. 

For a given elliptic curve, the numbers |F/(Q)tors|, 7g, H(E, K), | I (£, K)| 
(conjecturally finite), and the conductor (a product of primes of bad reduc- 
tion) are the most important arithmetical invariants of E. Later we shall see 
that all these invariants are combined (partly conjecturally) in the properties 
of its zeta-function (4.4.4). 


3.3. Abelian Varieties and Jacobians (Mumford D. (1974), Lang S. (1958), 
Weil A. (1948)). Abelian varieties are multi-dimensional generalizations of 
elliptic curves. By definition, an Abelian variety A over a field K is a non— 
singular projective variety, together with a group structure given by mor- 
phisms over K: 


AxA-A ((t,y)h 2t+y), A oA (4h —-2). 


One can prove that any such structure is commutative, which justifies the 
additive notation. 

A homomorphism of Abelian varieties is a morphism A: A — B of al- 
gebraic varieties which is a group homomorphism. If dim(A) = dim(B), the 
surjectivity of A is equivalent to the condition that the kernel of % is finite. 
If these conditions are satisfied then A is called an tsogeny, and A and B are 
said to be isogenous. 

In particular, multiplication by an integer m4 : A — A, ma(x) = mz, is 
an isogeny of degree m9, g = dim(A). If the characteristic of the ground field 
does not divide m, then | 


Am = A(K)m = Ker (ma) & (Z/mZ)’9. 


In particular the action of the Galois group on A,, defines a Galois represen- 
tation 


Pm: GR — Aut(Am) C Glog(Z/mZ). (3.41) 


These representations are the best studied examples of the general Galois 
actions on Grothendieck’s étale cohomology groups. As in the case of elliptic 
curves, there is a non—degenerate alternating Weil pairing 


€m : A(K)m x A(K)m — Um: (3.42) 
This is compatible with the action of the Galois group, so that 
Im (Pm) C GSp,(Z/mZ) C Glog(Z/mZ), 
where GSp, is the group of symplectic matrices: for an arbitrary ring R, 


GSp,(R) ={M € GLog(R)|M*JgM = u(M)Jg, u(M) € R*}, (3.48) 
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where J, is a standard symplectic matrix. Actually, the construction of em 
depends on the choice of a polarization on A (cf. below). 

If A is an Abelian variety defined over C, the complex variety A(C) is 
isomorphic to a complex torus C9/A, where A is a lattice in C9. Not every 
complex torus, however, can be obtained in this way. A necessary and sufficient 
condition for this is the existence of an R-valued, R-bilinear form E(z, w) with 
the following properties: 


E(z,w) = —E(w,z). (3.44) 
E(z,w) € Z for all z,w € A. (3.45) 
E(z,iw) is an R — bilinear, symmetric, positive definite form. (3.46) 


Such a form E is called a Riemannian form on the complex torus C9/A. 
It also defines a Hermitean Riemannian form on C%: 


H(z,w) = E(iz,w) +iE(z,w). (3.47) 


If such a form EF exists at all, it is not unique. We shall say that a choice of 
E defines a polarization of A. 

An Abelian variety together with a polarization is called a polarized Abelian 
variety. 

We recall the following classification theorem for non-degenerate alternat- 
ing integral forms on a lattice A © Z?9: for each form, there exists a basis 
{A1,.-+,Aag} of A such that 


E(AG, Aj) = E(AgtisAg+3) for 1< 1,59 <Q, 
F(A, Ag+) = Ci0ig for 1 < 1,7 <Q, 


where €1,...,€g are natural numbers, 
ei |€2, oe Cnet leg. 


Clearly, 
det A(E) = (e1€2 oe €y)*. 


A polarization with determinant 1 is called a principal polarization. 

There is a totally different definition of polarization, which is purely al- 
gebraic and is valid over any ground field. Namely, consider an arbitrary 
projective embedding A ~ P. Call two embeddings equivalent if one can 
be obtained from the other by a projective transformation composed with a 
translation by a point of A. An equivalence class of projective embeddings 
defines a linear system of hyperplane sections D of A. Over the complex 
ground field, this gives rise to an integral 2-cohomology class of A(C), which 
in turn defines a Riemannian form EF, in view of the known structure of the 
cohomology ring of a torus. Elaborating this correspondence, one obtains the 
following 
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Definition. An (algebraic) polarization of an Abelian variety A is a class 
of ample divisors {D} up to algebraic equivalence. 


3.4. The Jacobian of an Algebraic Curve (Lang S. (1958), Weil A. (1948)). 
Let X be a non-singular projective curve over a field K. One defines in an 
invariant way an Abelian variety J = Jy, which parametrizes the invertible 
sheaves (or divisor classes) of degree zero on X. This Abelian variety is called 
the Jacobian of X. For K = C, its structure is essentially described by Abel’s 
theorem. Consider a divisor 


a=) nF, Soni =0. 


We have a = OC where C is a 1-chain. Choose a basis of the differentials of 
the first kind 


(Wise dsWoy 


on X, where g is the genus of X. Consider the point 


(fots---s fig) 


Since one can replace C' by a homologous 1-chain, this point is only well defined 
modulo the period lattice H;(X,Z) of our basis. Abel’s theorem asserts that 
the map sending a to the class of this point in the torus C9 /H;(X, Z), identifies 
this torus with the group Jx(C) of all classes of divisors of degree zero. 


is self-dual with respect to a canonical Hermitean metric. Hence 
Hy(X) & C9/Hy(X,Z) 


where H x Z) denotes the Pontryagin character group of H;(X,Z). This 
shows that Jx can be considered as an algebraic avatar of the 1-cohomology 


of X. | 
Properties of Jacobians. 


1) dim(Jx) =g (the genus of X). 

2) Jx is an Abelian variety, and for every extension field L of K, the group 
Jx (ZL) is canonically isomorphic to the group of divisor classes of degree 
zero on X with ground field extended to L. 

3) Every morphism of curves of finite degree f : X -—» Y determines a 
functorial homomorphism f* : Jy — Jx, corresponding to the inverse 
image map on divisor classes. 

4) Jx has a canonical principal polarization. This has an algebraic descrip- 
tion as the class of the Poincaré divisor 0. The Poincaré divisor can be 
defined as follows. Start with Abel’s map 


yp: X — Jx, (3.48) 
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which sends a point « € X(K) to the divisor class cl(x — P), where 


P € X(K) is some fixed point. Consider the map 
wi X92, 2 4s Jy, 


where yp is the addition map. From the Riemann—Roch theorem it follows 
that w is surjective. Put 0 = y(X9-'). 


Many geometric and arithmetical properties of a curve X can be read off 
from the properties of its Jacobian. In particular, the classical theorem of 
Torelli (Weil A. (1957)) states that X can be uniquely reconstructed from Jx 
together with its canonical principal polarization. Essentially this theorem 
was used in Faltings’ theory and in earlier constructions due to A.N.Parshin 
and Yu.I.Zarkhin (Zarkhin Yu.G. (1978), (1985), Parshin A.N.(1971), (1973), 
Parshin A.N., Zarkhin Yu.G. (1988)). 

If X is defined over K, the Jacobian and its principal polarization are both 
defined over K. If X has a K-point P, the map (3.48) is also defined over K. 

One can also prove that if X is an algebraic curve over an algebraic num- 
ber field K having good reduction modulo a prime p C Ox, then Jx with 
its canonical projective embedding (given by the divisor @) also has good 
reduction. 

Every Abelian variety A over a number field (or absolutely finitely gener- 
ated field) K satisfies the Mordell-Weil theorem: A(K) is a finitely generated 
commutative group, that is 


A(k) = A(K tors 7) Te 


where A(K)tors is finite and r, is the rank of A over K (Lang S. (1983)). 
As with elliptic curves, one can define the Selmer groups S(A, K) and the 
Shafarevich-Tate groups II (A, K). A standard conjecture is that the latter 
are all finite. 
Every divisor D on A determines a Néron—Tate height 


hp: A(K)@ROR, 


and if D (that is, O(D)) is ample, then hp induces a Euclidean metric on the 
r,a-dimensional vector space A(K) @R. 

A very important role in the theory of Abelian varieties is played by 
the endomorphism ring End(A) of A (over K) together with the Q-algebra 
End(A) ® Q. It is known that this algebra is semi-simple. 

The Abelian variety A is called simple if End(A) ® Q is simple. A decom- 
position of End(A) ®Q as a sum of simple algebras R; ®--- R, corresponds to 
a decomposition of A into a product of simple Abelian varieties up to isogeny: 
there exists an Abelian variety 


B=B,x.:--B, 
isogenous to A such that End(B;) @ Q & R,; (Lang S. (1958)). 
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Let E be a Riemannian form corresponding to a polarization of an Abelian 
variety A over C. Such a form determines a Rosatti involution p on End(A) ® 
Q (that is, an anti-isomorphism of order 1 or 2) which verifies the relation 
E(\x2,y) = E(x, °y) for every A € End(A) @ Q. Involutions of this kind can 
also be defined over a ground field of finite characteristic. 

Semi-simple algebras with involutions have been classified, cf. Mumford D. 
(1974), Shimura G. (1971). 

If K is a number field, g = 1, then either End(A) @Q = Q or End(A) ®Q is 
an imaginary quadratic field k. In the latter case A is called an elliptic curve 
with complex multiplication. It can be represented as a complex torus C/A, 
(see (3.14)) with 7 € k, Im(r) > 0. 

We now sketch an analytic construction of the space A, of isomorphism 
classes of Abelian varieties over C with principal polarizations. The crucial 
observation is that each such variety can be represented as a complex torus 
C9/A,, where 


A= A, = {ni + net | m1,n2 € Z9, 7 € Hy} (3.49) 
and 9, is the Siegel upper half space 
Hq = {7 € GL,(C) | Im(z) is positive definite}. 


In fact, let A be an Abelian variety with a principal polarization, given as 
a torus C9/A, and a Riemannian form E on A with determinant 1. Choose 
a symplectic basis {w1,w2,---,W2g} of A. Representing w; by its column of 
coordinates, we can construct a (g xX 2g)-matrix 


(2 = (w1,W2,-++, Wag) 


which is called a period matriz of A. Put 2 = (2,929) where 2; € M,(C). 
From (3.44) and (3.46) it follows that 


22D} — 2,25 = 0, (3.50) 


2i( Qo, — 25) > 0 is positive definite. 


Thus 21,2 € GL,(C) and tr = NF'2, € Hy. From this one deduces that 
the complex variety A(C) is isomorphic to the torus C9/A,, and the initial 
polarization corresponds to one given by the form 


E(x, + Ty1,22+Ty2) + ciye — xy, 


where 2;, 4; € RY. 
The varieties C9/A, and C9/A,- are isomorphic iff 


7! = (Ar+B)(Cr+D)7} 


for a certain matrix M = & from the group 
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Sp,(Z) = {M = ert € SL2,(Z) | M’JgM = M, (3.51) 

This group is called the Siegel modular group of genus g. 

Summing up, we see that A, can be described as the quotient space 
§,4/Sp,(Z) where M acts on §, by matrix fractional linear transformations. 

One can show that A, is a complex analytic space of dimension g(g + 1)/2 
with a natural structure as a normal quasi—projective variety defined over Q. 
A generic Abelian variety over C is simple, and its endomorphism ring is Z. 

The are important variations of this construction. One can consider fami- 
lies of pairs A, & in which End(A) and £ verify some additional constraints, 
and one can supply such pairs with so called level structures, for example a 
choice of symplectic basis for the subgroup A,, of points of order m. In many 
situations there exist universal PEL-families (Polarization, Endomorphisms, 
Level), whose bases are very important algebraic varieties (Shimura Varieties) 
defined over number fields. The action of the Galois group on the Algebraic 
points of these varieties can be described in considerable detail. 


3.5. Siegel’s Formula and Tamagawa Measure. Algebraic groups comprise 
not only of Abelian varieties but also of linear groups. The latter are affine vari- 
eties, whereas Abelian varieties are projective. The arithmetic of linear groups. 
is a well-developed chapter of algebraic geometry. For an extensive report 
on its qualitative aspects we refer the reader to the papers of V.P.Platonov 
(1982), and V.P.Platonov and A.S.Rapinchuk (1983). We shall describe here 
only classical results due to C.-L. Siegel, which were generalized and reinter- 
preted by Weil. These results give a quantitative form to the Minkowski-Hasse 
principle for quadratic forms, and lead to certain precise formulae of the kind 
furnished by the circle method for the principal terms of some arithmetical 
functions. 

Siegel’s formulae concern the equations 


S[xX)=T (S[X] = X'SX) (3.52) 


where S € M,,(Q) and T' € M,(Q) are the symmetric matrix forms of Q- 
rational quadratic forms gg and qr, the solutions X being in Mm,,(Q). 

Let us consider in more detail the case when S and T are the matrices of 
integral positive definite quadratic forms corresponding to the lattices Ag C 
R™, Ar C R” (in the sense that qs and qr express the lengths of elements of 
Ag, resp. Ay). Then an integral solution X to (3.52) determines an isometric 
embedding Ag — Ar. Denote by N(S,T) the total number of such maps, 
which is also called the number of integral representations of gr by qs. The 
genus of qs is by definition the set of quadratic forms, rationally equivalent 
to gs. The genus consists of a finite number of classes with respect to integral 
equivalence. Let J be the set of these classes. One of Siegel’s formulae gives 
the value of a certain weighted average of the numbers N(S,,T) over a set 
of representatives S, for classes x € J of forms of a given genus. To be more 
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precise, denote by w(x) the order of the group of orthogonal transformations 
of the lattice As, and define the mass of S by the formula 


Mass(S) = ye : 


—. 3.53 
24 (a) (3.53) 


Assume that N(S,,T) #4 0 for at least one x (or, equivalently, that there is an 
isometric embedding As ® Q — Ar @ Q) and put 


N(S;,,T) 
w(x) 


1 


Siegel’s formula expresses this average as a product of local factors 


N(S,T) = Cm—n€m_ %o0(5,T) [| ap(5,T), (3.54) 


p 


where c; = 1/2, c, = 1 for a > 1, and the proper local factors are defined as 
follows. For a prime p denote by N(S,T; p") the number of solutions of the 
congruence 


S[X] =T (mod p") (X € Mm n(Z/p"Z)) (3.55) 
and introduce the local density 


Qpy(S,T) = lim em—n+iN(S,T;p")/p™, d=mn—n(n+1)/2 (3.56) 


(the expression inside the limit actually stabilizes when r is sufficiently 
large). One can define aq(5S,7) similarly, replacing the p-adic measure by 
an Archimedean measure. Consider a neighbourhood V of a matrix S in the 
space of symmetric matrices {T = (t;,;) € Mm(R) | T* = T} with the measure 
given by the volume form ar = Aj<;dt;,;. Put 


U ={X = (243) € Mmn(R) | X*SX € V}. 


It is a subset of My»(R) with a measure 8 = A;j;dz,,; (@ = 1,...,m37 = 
1,...,”). Finally put 
Su Px 


oo (S; T) = Cm—n+1 Jim, f on (3.57) 
V 


The product in (3.54) converges absolutely if m > 3 and m—n #2. 
In the special case JT’ = S we have 


1 
Mass(S’‘) 


and (3.54) becomes the Minkowski-Siegel formula (Serre J.-P. (1986), p.671) 


N(S,T) = 


Mass($) = CmOoo(S,$)7! |] a(S, 8)7}. (3.58) 


p 


196 Chapter 3. Arithmetic of Algebraic Varieties 


If n = 1, T = (t) then N(S,T) is the number of integral representations of 
a positive integer t by the quadratic form qg. 

Note that for almost all primes p (i.e. for all but a finite number) each solu- 
tion to the congruence (3.55) can be lifted to a solution of the corresponding 
congruence modulo any p” (using Hensel’s lemma). In this case we have 


N,(9S, 7; p 
ap(S,T) = a AEA 


(3.59) 
which makes it possible to describe explicitly almost all the local factors in 
(3.54) and to express this product in terms of special values of certain zeta- 
functions (for example, values of the Riemann zeta-function on integers). 

Consider for example the quadratic form gg = 5,1 x? given by the iden- 
tity matrix S = I. If m is divisible by 4, then (3.58) takes the following form 
(Serre J.-P. (1986), p.673): 


Mass(Im) = (1 — 2—k)(1 + €2!~*) | BoByg--+ Box|/4k!, 


where k = m/2, ¢ = (—1)/? and B; is the i*® Bernoulli number. For m not 
divisible by 4 there are exactly two classes in the genus of the form Ig, and 
Mass(I9) = 17/2786918400. 

We now say a few words on how Siegel’s formula is proved. The proof 
uses the theory of integration over the locally compact group G = O,(A) of 
orthogonal matrices with respect to S with coefficients in the ring of adeles 
A. The group Goo = Om(R) is compact in view of the positive definiteness of 
S. Thus G contains the compact open subgroup {2 = Gop X Il, G(S,), where 
G(S,) = O(Z,) is the orthogonal.group of the p-adic lattice As, = Ags @ Zp 
(preserving the quadratic form qs). The subgroup I = O(Q) of orthogonal 
matrices with rational coefficients is discrete in G and [9 22 = Aut Ag is 
the finite group of automorphisms of the lattice Ag. For every x = (4y)y € G 
with (v = p or v = oo) one can define a lattice As, such that As, ® Qy = 
Ly(Ag ® Q,). According to a version of the Hasse-Minkowski theorem, there 
is an isomorphism As, @Q = Ag @Q and the double cosets 2zxI of G modulo 
2 and I can be interpreted as Z-classes of forms S, (x € J). The finite group 
VY, = QAxlx! of order w(x) is the group of automorphisms of the lattice 
Ag,. Below a normalized Haar measure 7 on the group G will be constructed. 
This measure is invariant under both right and left group shifts, and has the 
property that the volume vol(G/I’) of the compact set G/T! = Uger Q2rI’/T 
is uniquely defined (not only up to a multiplicative constant). This measure 
is called the Tamagawa measure on G. The following formula holds 


vol(G/I) = S| vol(2/yz) = vol(2) » 


——. (3.60) 
rel rel w(x) 

Let g, y be closed subgroups of G and suppose that the volume vol(g/7) 
is finite. Consider a continuous function y with compact support on G/g, 
invariant under left shifts of the argument by elements of §2. For x € G put 
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Ne(y) = >> (zy). 
yer/y 


This sum is finite and depends only on the double coset 2rI". Consider the 
weighted average N(y) of the quantities N(w~) as x runs through I, 


“ _ Deer Ne(y)/w(t) 


N(y) = 3.61 
) = "Seer Hwa) ii 
Standard integration techniques then show that 
~ ] 
Gas sae (3.62) 


os YP 
vol(G/T) G/g 


assuming that the measures on the groups G and g and the homogeneous 
space G'/g are compatible. 

Siegel’s formula can be deduced from equation (3.62) by taking for g the 
orthogonal adelic group with respect to the quadratic module W over Q de- 
fined by the condition W @ (Ar ® Q) = As ®Q. For the group y we take the 
group of rational points in g, and the homogeneous space G/g is identified 
with the set of embeddings Ar ® A — Ag @A preserving the quadratic forms. 
For » one takes the characteristic function of the set of those embeddings 
Ar ® A — Ag ®A which take Ar ® Z, into As ® Z,. The quantities cm_n 
and Cm become the Tamagawa numbers T(Om-—n) and T(Om) respectively. 
For x = (ry)y € G the function v(x) = y(gz) has the form [[,, y(z_), where 
Yo. = 1 on Gog and Y,(zry) is the characteristic function of O,,(Z,). The 
integral in (3.62) is therefore equal to the product 


dasoT] | dtp, 
_ 7 I] Gp/Qp : 


where Gy = Om(Zp), Jp = Om-n(Zp), and one easily verifies that 


Qo (S,T) = / 


AL go; ap(S,T) = / dX p. (3.63) 
Goo /Joo 


Gp/9p 


Then the evaluation of 
T(Om) = vol(G/T) 


can also be made using (3.62) putting n = 1 and applying some known asymp- 
totic results for the representation numbers N(S,T) as t — oo. The latter are 
obtained for example by the circle method (the cases m = 2,3 must be treated 
separately). 

Now we describe the Tamagawa measure on G; formulae (3.63) follow from 
this description (Cassels J.W.S., Frohlich A. eds. (1967), chap. X). 

Let V be an algebraic variety over a number field K, which is a connected 
linear algebraic group. If dim V = n then there is a non-vanishing, left invari- 
ant n-form w on V defined over K. Any two of these differ by a multiplicative 
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constant A € K~. We now construct a measure on the group V(Ax) of adelic 
points of the variety V. For this purpose one must first fix a Haar measure j1, 
on the additive group K,, where v is a normalized valuation on K. In order 
to do this we set p,(O,) = 1 if v is non-Archimedean, du, = dx for K, = R 
(Lebesgue measure) and du, = |dz A dz| for z = x+iy € Ky = C. Then 
according to (2.3.42) one has u(Ax«/K) = |Dx|'/?, where Dx is the discrim- 
inant of K and p is the Haar measure on Ax defined as the product of local 
measures Ly. Define a measure w, on V(Ax) as follows. In a neighbourhood 
of a point P of V the form w is defined by the expression 


w= f(z) dxy A...Ad&n, 


where 21,...,27, are local parameters at P which are certain rational func- 
tions x; € K(V) and f € K(V) is a rational function regular at P. The 
function f can be written as a formal power series in the x;s with coefficients 
in K, because the variety of an algebraic group is always non-singular. If 
the coordinates of P belong to K, then f is a power series in the variables 
Li i. with coefficients in K,, which converges in a neighbourhood of the 
origin in K”. Thus there exists a neighbourhood U of P in V(K,) such that 
yp: x — (ti(x),...,tn(x)) is a homeomorphism of U onto a neighbourhood 
U' of the origin in AK”, and the power series converges in U’. In U' we have 
the positive measure |f(x)|, dt, -...- dt, where dt, -...-dt, is the product 
[ly X +++ X py on K”: we lift it to U using y and thus obtain a positive mea- 
sure w, on U. Explicitly, if g is a continuous real valued function on V(K,) 
supported on U then 


/ g Wy = / g(p~*(t)) dt, -...-dtn, 
U U! 
so that w, is in fact dependent on a choice of local parameters. If the product 


[[xo(v(o.)) (3.64) 


converges absolutely, then we define the Tamagawa measure by the formula 


_—— Dx 7"? | [ wv. (3.65) 


If the product (3.64) does not converge absolutely then one needs to introduce 
certain correcting factors 4, > 0, which ensure the convergence in such a way 
that the product 


II Ay We (V(O,)) 
ufoo 


will converge absolutely. The Tamagawa measure (with respect to {A,}) is 
then defined by the formula 
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r=|Dx|"/? |] Apter. | (3.66) 
Ns 


In any case, it follows from the product formula that 7 is independent of the 
choice of w: if we replace w by cw (c € K™) then (cw), = |c|Pw, and by the 
product formula (2.3.27) [[, |ely = 1. 

Let k(v) denote the residue field with respect to a non-Archimedean place 
v and let V’ = V @ k(v) be the reduction of V modulo the corresponding 
prime ideal p,, C O,. Then one can show, generalizing Hensel’s lemma, that 
for almost all v 


wy(V(O,)) = Nu~” Card V™(k(v)), (3.67) 


where Nv denotes the number of elements of k(v) and V“’)(k(v)) is the group 
of points of V‘’) with coefficients in k(v). 


Examples. If V = Gq (the additive group) then 
Wy(V(Oy)) = My(Ov) = 1; 


if V = G,, (the multiplicative group) then 


if V = GL, then 


if V = SL,, then 


The product 


converges for Re(s) > 1 but diverges at s = 1 (here Cx(s) denotes the 
Dedekind zeta function of K). The product [[,, w.(V(O,)) therefore converges 
for V = SL, but diverges for V = GL,,. In the latter case one could take 
for the correcting factors the numbers A, = 1 — NT: More generally one can 
show that if V = G is a semi-simple algebraic group then the product (3.64) 
converges absolutely and the correcting factors are not needed. The link be- 
tween Tamagawa numbers.and Siegel’s research in the arithmetical theory of 
quadratic forms was discovered by Weil in the late 50s. He formulated during 
this time a conjecture later proved by Kottwitz, saying that for a connected, 


simply connected, semi-simple algebraic group over a number field AK, which 
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contains no factors of type Eg, one has 7(V) = 1. For a connected, reductive 
group G over K it was proved by Sansuc and Kottwitz that 
|Pic(G)| 
7G) =] 
| U1 (G)| 
where III (G) is the Shafarevich—-Tate group and Pic(G) is the Picard group 
of the affine variety (linear algebraic group) G, cf. Kottwitz R. (1988). 


$4. Diophantine Equations and Galois Representations 


4.1. The Tate Module of an Elliptic Curve. Let E be an elliptic curve 
defined over a number field K. Then the Galois group Gx = G(K/K) acts 
on the group E,, of all points of order dividing n, E, = (Z/nZ)? so we obtain 
a Galois representation 


Yn: GR — GLlo(Z/nZ) = Aut Ep. 
Now let | be a prime number, n = /™. Set 


Ti(E) = lim Eym & Z?, (4.1) 


™m 


Vi(E) = T(E) ® Q = Q, 


where Z, is the ring of l-adic integers and the limit is taken over the set of 
homomorphisms Ejm — Ejm-1 which multiply each point by I. The corre- 
sponding homomorphism 


pi: GR — Aut Vi(E) = GL2(Q,) (4.2) 


is a continuous representation of the group Gx over the field Q;. Its image 
Im p, = G, is a closed subgroup of GL2(Z,) = Aut T;(E), and the Weil pairing 
(3.33) determines an isomorphism of det p; with the representation of Gx on 
the one dimensional vector space 


Vi(w) = Ti(u) @ QQ, Ti(2) = lim pam 


(the Tate module defined as the projective limit of roots of unity of |-power 
degree). 

It follows from recent results of Faltings that the Gx-module 7)(EF) 
uniquely determines the curve F& upto an isogeny. 

Serre discovered that the image Im , is as large as it could possibly be 
for almost all primes /. More precisely this image coincides with GL2(Z,) = 
Aut T;(E), provided that the curve E is not special in the sense that it admits 
no complex multiplication, or equivalently Aut(£) = Z. Moreover the index 
of the subgroup y,(Gx) in GLo(Z/nZ) = Aut E, is bounded by a constant 
which depends only on the curve EF and of the field K Serre J.-P. (1986a; 1972). 
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The occurrence of small images Im jp; is closely related to the existence of K- 
rational points of finite order (or of K-rational subgroups of such points). For 
example, if there exists a basis P,Q of the group E,, over Z/nZ such that the 
point P is K-rational, ie. P € E,(K), then P” = P for allo € Gx. Elements 
in the image y,,(Gx) are therefore represented by matrices of the form & *) 
in GLo(Z/nZ). If the subgroup (Q) is also K-rational, i.e. (Q)? = (Q) then 
elements in the image have the form G °). The result of Serre is therefore 
closely connected with the Mazur’s theorem on the boundedness of the torsion 
subgroup of an elliptic curve over Q (Mazur B. (1977)).*) 

Let A be an Abelian variety of dimension g defined over K. Then the Tate 
module is defined by 


T,(A) = lim Ker (A am A) & 729 


Vi(A) = Ti(A) ®@ Q = Q’, 
and we again have a Galois representation (see (3.48)) 


pi: GK — Aut Vi(A) & GSpo,(Q:). (4.3) 


Note that certain results are known on the maximality of the image of 
the Galois representation p; for higher dimensional Abelian varieties A with 
End A = Z (ie. without complex multiplication) Serre J.-P. (1986). 

The study of the image of p; is based on an examination of the reduction of 
the elliptic curve (or Abelian variety) modulo p,, where v is a finite place of 
k. The condition that & has good reduction E, = E mod py, is equivalent to 
the existence of an Abelian scheme E,,.over Spec QO, in the sense of Mumford 
(Mumford D. (1974)) whose generic fiber coincides with E (ie. Ey, Qo, Ky & 
E®xK,) and whose closed fiber is an elliptic curve (Abelian variety). Ey = 
Ey @o, k(v) over the residue field k(v) = O/p,. The (geometric) Frobenius 
endomorphism F,, of E, is defined by raising the coordinates of points on E, 
to their Nu = |k(v)|*® powers. 

Now let p, denote the characteristic of the residue field k(v) and let | be 
another prime number (not p,). Denote by G, (respectively I,,) the decom- 
position group (respectively, the inertia group) of some extension @ of v to 
a fixed algebraic closure K of K (compare with (2.4.2)). If E has good re- 
duction at v then ¥ defines (in view of Hensel’s lemma) an isomorphism from 
Eym to the corresponding subgroup of the curve E,,. In particular, the inertia 
group I, acts trivially on Ejm, T(E) and V;(E), so the action p;(Fr,) of the 
arithmetical Frobenius automorphism F’r, is well-defined (Fr, € G,/I,) and 
is the same as the action of the geometric Frobenius F, = Fg,,. One therefore 
has 

det o)(Fr,) = det (F,) = Nu = Card k(v), (4.4) 


and the quantity 


“In 1994 this result was extended to all number fields by Loic Merel (ENS, Paris) 
(footnote by A. Panchishkin). 
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det (le — pi(Fr,)) = det (1 — F,) =1—Tr Fy + Nv (4.5) 


is equal to the number Card E,(k(v)) of k(v)-points of the reduction Ey. 
Conversely, one has the following 


Criterion of Neron—Ogg—Shafarevich. Jf the Galois representation p;, is 
unramified at vu for some | # py then E has good reduction at v (Silverman 
J.H. (1986), Serre J.-P. (1987)). 


4.2. The Theory of Complex Multiplication (see Cassels J.W.S., Frohlich 
A. eds. (1967), Chapter XIII, Lang S. (1973), Shimura G. (1971)). One of the 
central aims of algebraic number theory was formulated in 1900 by Hilbert 
in Paris as his twelfth problem: that of finding an explicit construction of all 
Abelian extensions of a given number field K. For K = Q it is known (by the 
Kronecker—Weber theorem (comp. 2.1.2)) that the maximal Abelian extension 
Q*> of Q is cyclotomic, and that there is an isomorphism 


G(Q*/Q = |] Z. 


If K is an imaginary quadratic extension of Q then the theory of complex 
multiplication makes it possible to construct K®> using elliptic curves E with 
complex multiplication by K, and their points of finite order. By definition, 
one has for such curves End EF @Q=K.If E(C) = C/T for a lattice CC, 
then the endomorphism ring of & has the following form 


End & = {z€C\zr Cr} =O; =Z+4+ fOx C Ox, 


where Ox is the maximal order of K and f is an appropriate positive integer 
(in view of the fact that every subring of Ox has the form Z+ fOx for some 


f). 


Theorem. There 1s a one-to-one correspondence between elliptic curves E 
with a given endomorphism ring O; (upto isomorphism), and elements of the 
class group Cl Oy (i.e. the group of isomorphism classes of projective modules 
of rank one over Oy ). 


Indeed, if a lattice I corresponds to EF then I’ is an Oy-module such that 
@Q= kK, i. a projective Os-module of rank one. Conversely, every Of- 
module viewed as a lattice in C determines an elliptic curve C/I’ with the 
property that End(C/I’) is the ring of multipliers of I’, i.e. Of. Therefore the 
number hy of curves (upto isomorphism) with a given endomorphism ring Of 
is finite and its order is equal to Card Cl(Of). 

For each curve there is a canonically defined invariant 7(E) corresponding 
to E; if E is written in the Weierstrass form then this is given by 


172893 


j(B) = a, 
)= BIg 


E:y? = 42° — gox — gs. (4.6) 
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We now consider the case f = 1 in more detail. 


Theorem (Weber-—Fueter). (a) All the numbers j(E) are algebraic integers. 
(b) If a = j(E) is one of these numbers then K(a) coincides with the maximal 
unramified, Abelian extension of K and G(K(a)/K) = Cl(Os). The action of 
G(K(a)/K) on the set of numbers {7(£)} is transitive. 


There are precisely nine imaginary quadratic rings O; with f = 1 and hy = 
1, namely Z[,\/—d], where d = 1,2,3,7, 11,19, 43,67, 163. The corresponding 
elliptic curves have rational invariants in view of the Weber—Fueter theorem, 
and the values of j(£) are given respectively by: 


j —96 ; 3°. 96 ; 53 0, —33 . 53 pt? 915 , 33 


— 238. 39.58, 915. 93.58. 119, 218. 99.59.39. 992, 47 

In the general case f > 1 the numbers j(F) are also algebraic integers for all 
E with End(£) = Of, and for all o € Gal(K/K) one can explicitly describe 
the action of o on j(£). This description depends only on the restriction of o 
to K®», which is represented via the Artin reciprocity law by an idele s € Jx: 


olka =Wx(s), (Wx: Jn > G(K*"/K) — the reciprocity map). 


Furthermore if I’ is the lattice corresponding to a curve & then one can define 
a lattice s-1I: if s = (Sy)y (8. € KX) then s~'T is uniquely determined by 
the condition (s-'I’) @ O, = s;1(I' ® O,) for all finite v. 


Theorem. Let j(s~!I°) denote the invariant of the elliptic curve E' defined 
by E'(C) = C/s-1Ir. Then one has the following formula for the action of 
ao € Gal(K/K): 

j(E)’ = j(s“*T). (4.8) 


From this it follows that j(E) € K®>. To prove these theorems, one consid- 
ers the action of o € Gal(K/K) on the coefficients of the Weierstrass equation 
(4.6). One obtains as a result the following new curve: E° : y? = 4x3—g3 2-99; 
therefore j(£)? = j(£7). Clearly, one has End(£7) = End(£) = Of, and thus 
the set {7(E)°|o € Gal(K/K)} is finite and the numbers j(£) are all alge- 
braic. Consequently the curve E can be defined over an algebraic number field 
L. If the restriction of o to L is represented by a Frobenius automorphism for 
some v, 

o|L = FyK(v) = Fry, 


then the above formula (4.8) can be established using the reduction E- mod , 
where $B is a divisor in L which divides p,. Then this formula can be rephrased 
as Hasse’s theorem: 

j(E)"™ = j(py'l), (4.9) 
where p C Ox is a prime ideal of Ox defined by the conditions (p, f) = 1, 
py = OF OP. 
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The invariants j7(£) therefore generate an extension K,;)/K satisfying the 
property G(K(,)/K) & Cl(O+). However the field K = Us>iK(s) does not 
yet coincide with the whole of K®>, and in order to obtain K?> it is necessary 
to adjoin also to K(4) the coordinates of all points of finite order on some 
elliptic curve & with the property End(£) = Ox. More precisely, let E be an 
elliptic curve with complex multiplication, i.e. End EF @ Q & K, defined over 
a number field L > K. Then the image of the Galois representation 


pi: Gr — Aut V,(E) = GLo(Q;) (4.10) 


is an Abelian group which is contained in (Z; ® Ox)*, and the index of Im p; 
is finite and is bounded by a constant independent of |. By class field theory 
the representation factorizes through G2, and for each idele s = (sy), € Jz 
we can define an element p;(s) = pi(a), where o € Gal(K/K) is determined 
by the condition o|L?> = wz(s). It is not difficult to see that there is a unique 
continuous homomorphism e : J; — K™ with the condition e(7) = Nz/x%(z) 
for all x € L* and pz(s) = €(s)Nz,/x,(s1) for all s € Jz and all I. 

The Abelian l-adic Representations (4.10) and the action of Gz on the 
invariants j(£) describe explicitly the class field theory of the field K. We see 
also that in the complex multiplication case the group Im p; is Abelian and 
is therefore much smaller than in the general case. 

An analogous theory (in a less complete form) also exists for CM-fields 
(totally imaginary, quadratic extensions of totally real fields) and for Abelian 
varieties of CM-type, i.e. Abelian varieties A whose endomorphism algebras 
End A® Q are totally imaginary, quadratic extensions of totally real fields of 
degree g = dim A (Shimura G. (1971)). 


4.3. Characters of l-adic Representations. As we have seen, one can asso- 
ciate to each elliptic curve & defined over a number field K a system of l-adic 
representations p) : Gx — Aut T;(E£) = GLe(Z,) on the Tate module T;(E). 
Together (4.4) and (4.5) give the following important formula for the traces 
of Frobenius endomorphisms: 


Tr pi(Fr,) = Nu+1—-—N,(£), 
where Nu = Card(k(v)) is the norm of v, N,(E) = Card E,(k(v)) is the 


number of k(v)-rational points on the reduction E, modulo v. It turns out 
that the values of the character yp, = Tr p; form an interesting arithmetical 
function of the argument v. We shall later see that the list of examples of this 
sort is quite rich and contains for example the Ramanujan function 7(p); the 
numbers of representations of positive integers by positive definite quadratic 
forms, etc. It is known that the character of p uniquely determines this rep- 
resentation provided that p is a semi-simple representation, that is, a direct 
sum of irreducible representations. This semi-simplicity property was recently 
proved for the Tate modules of elliptic curves and Abelian varieties Faltings 
G. (1983), (1985), (1986), Parshin A.N., Zarkhin Yu.G. (1988). 
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A remarkable property of the characters x, of continuous finite-dimensional 
l-adic representations was discovered by Faltings in his proof of the Mordell 
conjecture: any such character x, is uniquely determined by a finite number 
of values 

Xo(Fry) = Tr p(Fry), (v€Q, Q a finite set), 


where Fr, denotes the class of a Frobenius element under the assumption that 
p is unramified for all v outside a finite set S of places of K. In this situation 
the representation p factorizes through a representation of the group Gg = 
G(Kgs/K), where Kg is the maximal extension of K unramified outside S. For 
each uv ¢ S the value yp(F'r_) is therefore well-defined. We shall now construct 
a finite set Q of places of K, QN S # Q, such that p is is uniquely determined 
by the values x,(Fr,) for v € Q. Let L/K denote the composite of all Galois 
extensions of K unramified outside S, which are of degree less than or equal 
to 12". Then by Hermite’s theorem (see 2.1.5), the extension L/K is finite. 
Now we choose an appropriate Q outside S such that the elements F’r, fill 
the whole Galois group G(L/K). The existence of such elements follows from 
the Chebotarev density theorem (2.4.3). We claim that the set Q constructed 
in this way satisfies the conditions of the theorem. 

Indeed, let p; and p2 be two different representations whose characters 
coincide on the elements F'r,,v € Q. Consider the representation 


p1 X p2: Zi[G] — Mn(Q:) x Mn(Q:) 


of the group algebra Z,[G]. Its image M is a Z,-submodule of rank < 2n?. 
By the construction of Q the elements p; x po(Fr,), v € Q generate M/IM 
as a vector space over F;, and consequently, the whole of M over Z; (by 
Nakayama’s lemma for finitely generated modules over a local ring, applied 
to the ring Z, see Bourbaki N. (1962), Samuel P., Zariski O. (1975)). Now 
consider the linear form 


f(a, a2) aps Tr(a1) = Tr(a2) (a1, a2 € Mn(Q:)) 
on M. By the assumption we have that 
Xp1 (Fry) = Xp2(Frv), VE Q, 


and therefore f(a1,a2) = 0 on the whole Z)-module M, because f = 0 on its 
generators (p1 X 92)(Fry) uv € Q. Therefore yp, (Fro) = Xp.(Frv), establish- 
ing the theorem, see Parshin A.N., Zarkhin Yu.G. (1988), Deligne P. (1983), 
Szpiro L. (1983). 


4.4. Representations in Positive Characteristic. Let E be an elliptic curve 
over a finite field k with q = p* elements. Consider its Tate module 


T,,(E) = lim Ker (E 2+ E) & 27, (4.11) 


where y = 0 or y = 1. In this way we obtain a representation defined by 
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Pp : Gal(k/k) > Aut T,(E), (4.12) 


in which the group Gal(k/k) is a (topologically) cyclic group. 

If T,(£) A 0 then End F @ Q is an imaginary: quadratic extension of K 
and End E& = Of for some f > 1, where Oy = Z+ fOx is a subring of the 
maximal order Ox of K. 

In this situation one can show that: 


1) the prime p does not divide the conductor f, 
2) p splits in K. 


In the case T,(E) = 0 we have that Dg = End E@Q is a division algebra of 
degree 4 (a quaternion algebra) over Q which at all primes | 4 p decomposes 
as Dg ® Q; & Mo(Q,). Also, End E is a maximal order in Dg. Curves with 
this property are called supersingular curves. 

In positive characteristic the endomorphism algebra becomes larger when 
there is a Frobenius endomorphism F, of E, which is a purely inseparable 
isogeny; its kernel and image have only one geometric point over k. In par- 
ticular, if Fy € ZC End EL, then also T,(£) = 0. For further information on 
points of finite order in positive characteristic, also in Abelian varieties, see 
Manin Yu.I. (1961), Lang S. (1973), Mumford D. (1974). 


4.5. The Tate Module of a Number Field (Shafarevich I.R. (1969), Iwasawa 
K. (1972), Coates J. (1973), Mazur B., Wiles A. (1983)). The Tate module 
of the Jacobian variety Jo of a curve C’ gives a functor from the category 
of curves over a field k to the category of Z,-modules. If k is finite then the 
field k(C) of rational functions on C' has much in common with a number 
field. Iwasawa has suggested an analogue of the Tate module for a number 
field K. The group Jjm can be interpreted as the Galois group of the étale 
covering C,, — C' of C, where C,, is the inverse image of C embedded into J, 
with respect to the morphism /’?. One verifies that the field Unk(Cym) is the 
maximal unramified, Abelian l-extension of k(C’). Its Galois group coincides 
exactly with the Tate module T}(Jc); this gives a reasonable interpretation 
of the Tate module for an algebraically closed field k. However if k is not 
algebraically closed (for example when k is a finite field) then k need not 
be algebraically closed inside the field k(Jjm). In particular the field k(Jjm) 
must contain roots of unity of the degree /™ since these are values of the Weil 
pairing. In the case of a finite field this is almost sufficient: that is, for a finite 
extension k’/k we have : 


b= Eo (Ua Jn)) = Ur (Cyn), 


where (jm denotes a primitive root of unity of degree /” and k is the algebraic 
closure of k. Indeed, the image of Gal(k/k) in T; C GlLa,(Z,) is a topo- 
logically cyclic group, whose intersection with the [-Sylow normal subgroup 
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S = {g € GLo,(Z:)|g = 1 mod 1} is an l-subgroup of finite index. Therefore 
on replacing k by a finite extension k’ of degree prime to the characteristic of 
k, the extension k becomes an l-extension of the finite field k’, i.e. 


k = (Jk (Gm). 


We see now that for a finite field of constants the Tate module 7} coincides 
with the Galois group of the composite Galois extension 


k(C) C k(C) c AM, 


where k = Umk' (Cm), A is the maximal unramified, Abelian l-extension of 
Taking this description as a starting point, we may extend the definition 
of the Tate module to the number field case. Let K be a number field, Ay, = 
K(Qm), K = UnKm, and AW) > K the maximal Abelian, unramified I- 
extension of K. Further let 


T;(K) = Gal(AM/K). (4.13) 


Then 7;(K) is a projective limit of l-groups (a pro-l-group), and is in particular 
a Z;-module. Iwasawa, who introduced this module (also called the Jwasawa 
module), has shown that V\(K) = T(K) ® Q, is a finite-dimensional Q)- 
vector space. Using class field theory one can describe T}(K) explicitly. One 
knows that the Galois group of the maximal Abelian, unramified extension of 
a number field D is isomorphic to the class group Clz. Denoting by ol) the 
l-component of this group, one obtains the following description: 


T)(K) = lim Cl? , 


where the inverse limit is taken with respect to the norm maps of ideals. 

On T;(K) we have an obvious action of the Galois group Gal(K/K) and its 
subgroup I’ = G(K/K,) & Z;. On a class represented by an ideal a € Cl: 
this action is given by a + a9, (g € G(K/K)), and for the corresponding 
h € Gal(AM /K) the ideal a9 corresponds under class field theory to g~'hg 
(in view of (2.4.21)). 

Iwasawa regarded T;(K) as a module over the group ring A = Z,|I| = 
Zi|[T|| (the ring of formal power series over Z;). Just using his classification 
theory for such modules, he obtained the following formula for the orders of 
the groups Ci, which is valid for m > mo: 


log, ic | = xm + pl™ + const. (4.14) 


Under some additional assumptions he described explicitly the module 
Ti(Q) for all | < 4001. This module turns out to be cyclic, and one can 
even find a generator of its annihilator. Essentially, this generator coincides 
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with a product of the l-adic L-functions of Kubota and Leopoldt (Iwasawa K. 
(1972), Kubota T., Leopoldt, H.-W. (1964), Shafarevich I.R. (1969), Kuzmin 
L.V. (1984)). 

The validity of the corresponding statement in the general case (the “Main 
conjecture” of Iwasawa theory) was established in 1984 by Mazur and Wiles 
for Abelian fields (Mazur B., Wiles A. (1984)). 

In the works of Ferrero and Washington (Ferrero B., Washington L.C. 
(1979), Ferrero B. (1978), Washington L.C. (1982)) another conjecture of Iwa- 
sawa, was proved, which says that for each Abelian extension K/Q and each 
prime I, the invariant pz of the module T;(K) vanishes. This result implies that 
T;(K) is a finitely generated Z;-module. Washington’s conjecture, according to 
which the orders of the groups Cle stabilize in the cyclotomic Z)-extension 
of an arbitrary Abelian field for | 4 p, was recently proved (Washington L.C. 
(1978)). 

Recently the methods of Iwasawa have been considerably extended in fur- 
ther research related to the study of A-modules of various kinds: those aris- 
ing from Selmer groups of Abelian varieties (Mazur modules) see Manin Yu.I. 
(1971), (1976), (1978), Mazur B. (1977), (1979), (1983), (1986), and also those 
arising from elliptic units in Abelian extensions of fields of CM-type Mazur B. 
(1983), Robert G. (1973), and the ones arising from Heegner points on mod- 
ular curves (Kolyvagin V.A. (1988), Coates J. (1973), (1984), Gross B.H., 
Zagier D.B. (1986), Mazur B. (1983), Mazur B., Wiles A. (1983)). 

New approaches to proving the main conjecture and its generalizations 
in various situations were recently discovered by V.A.Kolyvagin (1990), who 
proposed the more general concept of an “Euler system”, which makes it 
possible to deal with all known cases from a unified point of view. 


Chapter 4 
Zeta Functions and Modular Forms 


$1. Zeta Functions of Arithmetic Schemes 


(see Shafarevich I.R. (1969), Serre J.-P. (1965)). 


1.1. Let X be a scheme of finite type over Spec Z (see §1 of Chapter 3). 
Then the closed points x € X are those which satisfy the condition that the 
corresponding residue field R(z) is finite. The cardinality of R(x) is called the 
norm of x and is denoted by N(x). The set of all closed points of X is denoted 
by X. For the moment we shall think of this as a discrete topological space. 
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Fig. 17 


The zeta function of X is defined to be the Euler product 
¢(X,s) = [] @-N(z)*)*. (1.1) 
rex 
In the case X = Spec Z definition (1.1) leads to the Riemann zeta function 
¢(s) in view of Euler’s identity: 


(s)= Son? =][f(i-p*) (1.2) 
n=1 p 


For an arithmetic scheme there are only finitely many points with a given 
norm, so the product (1.1) is a formal Dirichlet series )y°_, ann~* with inte- 
gral coefficients. 


Theorem 1.1. The product (1.1) is absolutely convergent for Re(s) > 
dim X, where dim X is the dimension of X (see §2 of Chapter 3). 


The proof of this fact can be reduced to the following special cases: 


(a) X = Spec Z[T},...,T,|. The product then takes the form: 
¢(X,s) = [[G-p**)"? = ¢(s—n); (1.3) 
p 
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(b) X = Spec F,[Th, ..., T,]. We then have 


((X,s) = (1—p?*) (1.4) 


Equation (1.3) is implied by (1.4), which can in turn be obtained from the 
following calculation of the number of closed points of an arbitrary variety X 
over a finite field F, (q =p’). 

Let n, = Card{x € X | N(x) = q* } be the number of closed points with 
norm q* and 4 = Card X (IF,:) the number of geometric points with values in 


F,, i.e. the number of morphisms Spec Fy: — X. 


Lemma. The numbers 4, and nx are finite and are related by the following 
formula 


4 = _ kne. (1.5) 


This fact is implied by the observation that for a given z € X there are 
precisely 1/k field embeddings F,. — R(z). 
We now obtain the following identities: 


CO 


¢(X,s)= [Ja-a")™, » 


k=1 


log ¢(X,s) = — > ng log(1 — q7**) 


k=] 
k=1 m=1 un 


. (1.6) 
( nk —lIs 
ee Oe L 
Ril 


(Here we replaced the variable | by km, taking (1.5) into account. ) 
If X = Spec F,[T},..., Tn] then 1 = q'” (the number of points of the affine 
space A” over F,.). Hence for g = p we have 


ee pir & p7s-n) 
log ¢(A¥, 8) = — })5-- pT" =~} — = —log(1 —p"™*), 
l=1 I=1 


establishing (1.4). | 
In both cases (1.3) and (1.4) for Re(s) > dim X the product in (1.1) 
converges absolutely. 
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Similarly we see that (see Shafarevich I.R. (1969)) 


¢(Pg,,s)= [[Q-pe-™)3, 


m=0 


=|] []a-e em) = TT (sm). 
p m=0 


m=0 


(1.7) 


1.2. Analytic Continuation of the Zeta Functions. It is thought that the 
functions ¢€(X,s) can all be analytically continued onto the entire s-plane C. 
The validity of this conjecture has been verified for many varieties. However 
in the general case only the following weaker result is known. 


Theorem. The function ¢(X,s) has a meromorphic continuation to the half 
plane Re(s) > dim X — 3. 


The singularities of ¢(X,s) in the strip dim X — 5 < Re(s) <dim X are 
described by the following theorem: 


Theorem. Let us assume that X is irreducible and let R(X) be the residue 
field of its generic point. Then 


1) If Char R(X) =0 then the only pole of ¢(X,s) for Re(s) > dim X — 3 
is at the point s = dim X, and this pole is simple. 

2) If Char R(X) = p > 0 and q is the highest power of p such that R(X) 
contains F, then the only singularities of the function ¢(X, s) for Re(s) > 
dim X — 3 are simple poles at the points 


2Tin 


s=dim X + 
log q 


(n € Z). (1.8) 


Corollary 1. For each non-empty scheme X the point s=dim X is a pole 
of ¢(X,s), whose order is equal to the number of irreducible components of X 
of dimension dim X. 


Corollary 2. The domain of absolute convergence of the Dirichlet series 
¢(X,s) is the right half plane Re(s) > dim X. 


Theorems 1.2 and 1.3 are deeper than theorem 1.1. Their proof is based 
on the analogue of the Riemann Hypothesis for curves X over Fy established 
by Weil (Weil A. (1949)), Serre J.-P. (1965), Nisnevich L.B. (1954), Lang S., 
Weil, A. (1954). 


1.3. Schemes over Finite Fields and Deligne’s Theorem. If X is a scheme 
over F, then for all x € X the field R(z) is a finite extension of F,. Hence 
N(x) = q%&* for some number deg zx, called the degree of x. In studying 
¢(X,s) in this case it is convenient to use the new variable t = q~°. We write 


¢(X,s) = Z(X,q -*), (1.9) 
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where Z(X,q~*) is the power series given by the product 
Z(X,t) = [] a7)". 
rEeX 


If np = Card{x € X | degx = k} and 4 = Card X(F,) then we have seen 
that 


log Z(X, t) =- dont, y= S— kne, (1.10) 
kl 
hence 
Z'(X,t) od 
t—*—"* = t— log Z(X, 1.11 
Fy a ee = dont ey) 


Equation (1.10) is often taken as the definition of the zeta function, and one 
writes 


l 
Z(X,t) = exp I. Card X(F, of (1.12) 
l=1 

A remarkable property of the zeta function Z(X,t) is its rationality in 
the variable t. This was first established by B.Dwork (1960). The rationality 
statement has a direct arithmetical interpretation: the numbers 1, i.e. the 
numbers of solutions of a certain system of algebraic equations in finite fields 
must satisfy a recurrence relation of the type: 


n-—1 
Vien = 5 TV 4i 


~=0 


for sufficiently large |, where n and the 7; are certain constants. It is easy 
to check that the rationality of the function Z(X, t) is also equivalent to the 
existence of finitely many complex numbers a;, 8; such that 


= >; — Ke: (1.13) 


for all | > 1. Indeed, this is obtained from the logarithmic derivative of the 
identity: 
[1,1 — ait) 
Z(X,t) = =~ 
IT ;(1 — Bt)’ 
taking into account (1.11). 
A fundamental role in the study of Z(X,t) is played by the fact the number 


v, can be represented as the number of fixed points of a certain map F* acting 
on the set of geometric points X (F,). 


Definition. The Frobenius morphism F' : X — X of a scheme X over 
F, is defined on each open affine subscheme Spec A C X using the ring 
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homomorphism a ++ a‘; on the topological space X the morphism F acts as 
the identity map. | 


The consequent self-map of sets of geometric points (not the same thing!) 
is written 
F: X(Fy) — X(Fy) (1.14) 
and the set X(F,«) coincides with the set of fixed points of F* : X(Fy) > 
X(F,): a point » € X(F,«) is represented by a morphism y : A — Fy, where 
Spec A is an open affine subset containing y(Spec F,). The point F*(~) is 
defined by the homomorphism 


frey(f)? (fe A). 


We see that the condition y €.X(F,) is equivalent to saying that Im y C 
Fj. CF, and y(f) = y(f)t because Fj. = {x €F, | r= ot}. 

The rationality of the zeta function was a part of a series of conjectures 
stated by Weil in 1949. Dwork’s proof of the rationality was a significant step 
towards proving these conjectures in general. The final step was made by 
Deligne in 1973 who proved the so called “Riemann Hypothesis” for algebraic 
varieties X/Fq. 

For a smooth projective variety X over F, of dimension d the Weil conjec- 
tures can be stated as follows: 


W1) Rationality: 
P,(X,t)+...+ Poa—1(X, t) 
Po(X,t)+...+ Pog(X,t) ’ 
where d = dim X and P,(X,t) € C[t] for all r = 1,2,...,2d and 
PAX, 0) = 1. 
W2) Integrality: 


Z(X,t) = (1.15) 


Po(X, t) =1- t, Pog(X, t) =1- q*t, (1.16) 


and for r = 1,2,...,2d we have that P,(X,t) = [[(1 — w,,.t), where 
W, t) are certain algebraic integers. 
W3) The Functional Equation: 


Z(X,1/q%t) = +q%/t*Z(X, t), (1.17) 


where yx is the Euler characteristic of X, which can be defined purely 
algebraically as y = (A- A) (the self—intersection number of the diagonal 
AcxxX). 
W4) The Riemann Hypothesis: The absolute value of each of the numbers 
w, it and their conjugates are equal to g’/?. 
Degrees of polynomials P,(X,t): If X is the reduction of a smooth pro- 
jective variety Y defined over a number field embedded in C, then the 
degree of P,(X,t) is equal to the r*® Betti number of the complex variety 
Y(C). 


W5 


eee” 
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In the case when X is a smooth projective curve over F, these properties 
were established by Weil, and in particular we have that 


(1.18) 


where L(t) = Rene — wt) € Zt] (g is the genus of the curve X), and 
|wi| = --- = |waal = ./g. Using the relations (1.11) and (1.13) we have 


2g 
Card X(F,«) =q* +1-— o 
oer) =a 2 (1.19) 


|Card X (Fy) —q-1| < 29. 


An elementary proof of (1.19) was found by S.A.Stepanov (1974) (cf. 
Stepanov S.A. (1984), Bombieri E. (1974)). 

The proof of the Weil conjectures is based on an idea from the theory of 
compact topological varieties. If F’ is a morphism acting on such a variety 
V then for the number v(F) of fixed points of F (appropriately defined) the 
famous Lefschetz fixed-point formula holds: 


dim V 


V(F)= SY (-1)'Tr Flav) (1.20) 
1=0 


(the summands are the traces of the linear operators induced by F' on the 
cohomology groups H*(V)). In this situation one can define an analogue of (the 
logarithmic derivative of) the zeta function $-7° , v(F*)t*. It is not difficult 
to calculate the sum of this series. Let (a4; );=1,...,.4, be the characteristic roots 
of the linear operator H*(F) = F|yicy) on H*(V) and 6; = dim H‘(V) the 
Betti numbers; then 


b; dim b; 
Tr Flaw) =) 4,  ¥(F*)= Bee 1 Do, 
j=l i=1 


j=l 
and hence 
00 dim V bi 00 
Soret =F Cede (Sah 
k 4=1 g=1 k 
dim V b; ak 
= —1)' = | 
ea (1.21) 
i=1 j=1 
dim V 


= (—1)' +S flog — aye)" 
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The series Z(t) is determined by the conditions Z7(0) = 1 and 


2 Z'(t) a 
Soa ak 


and it follows from (1.21) that 


_j)i-1 
dim V =e 


bi 
Z(t) = I] [] a asst 


a=1 


We see that in this model situation the Z-function is rational and can be 
calculated very explicitly. Using this fact Weil proposed conjectures W1)- 
W4) and proved these conjectures for curves and Abelian varieties. For these 
varieties he introduced an analogue of the group H'(X) and proved a Lef- 
schetz fixed—point formula of the same type as in the topological situation. 
The analogue of H1(X) is provided by the Tate module T;(Jx) of the Jaco- 
bian variety of the curve X (resp. of the given Abelian variety). In the general 
case analogues of the (topological) cohomology groups H* were constructed 
by Grothendieck (the étale cohomology groups H?,(X,Q,)). In order to do 
this he modified the very notion of a topological space, which was replaced 
by a certain category (in the topological situation objects of this category 
are open sets, and morphisms are inclusions). The larger category used by 
Grothendieck was called the étale topology. 

The use of the groups H?,(X,Q),) and more generally cohomology groups 
of sheaves (in the étale topology) made it possible for Deligne to prove the 
conjectures of Weil (see Deligne P. (1974), (1980b), Katz N.M. (1976)). 


1.4, Zeta Functions and Exponential Sums. (Katz N.M. (1976), (1988), Sha- 
farevich I.R. (1969)). A traditional method for counting solutions to congru- 
ences or systems of congruences is related to exponential sums. Formulae for 
the quantities 1, = Card X(Fj) can be obtained using Dirichlet characters 
x: FX — C% (ie. multiplicative characters of F}). Let ¢ denote the trivial 
character which is constant function 1 on the whole set F,. If m divides g — 1 
then one has the relation 


Card{z € F, | 2” =a} = s> x(a). (1.22) 


x™ =e 


Now consider the Gauss sum of a non-trivial character y, 


a(x) = > x(x)¢™™, 


ceFx 


where Tr : F, — F, is the trace and ¢ is a primitive p*” root of unity. 
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In the work of Hasse and Davenport of 1934 an interesting relation was 
found between exponential sums over finite fields and zeros of zeta functions 
(Davenport H., Hasse H. (1934)). 


Example The zeta function of a hypersurface. Let 
X :aolg’ + a1Ty” +--+ +anT,” =0 


be a hypersurface in P” over F,, where do, @1,...,@n € Ke and g=1 mod m. 
Then we have that 

P(t)&-)" 
(1 —t)(1 — qt)---(1 —q”~'t) 


where P(t) denotes the polynomial 


II (: = (-1)"*¥=x0(ag3) xn(an}t) | 


XO Xi Xn 


Z(X,t) = (1.23) 


and X0,X1,°'';Xn run through all possible (n + 1) - tuples of Dirichlet char- 
acters satisfying the conditions 


NEF Ss i Se, XoX1':-:'Xn = E. 


The proof of formula (1.23) is based on counting the quantities y, = 
Card X(F,:) using relations between Jacobi sums and Gauss sums, and the 
Davenport - Hasse relations: for a non - trivial character x of Fy let us define 
the character x’ = xON of the field F,., where N : Fj: — Fy is the norm map. 
Then the following relation holds: 


—9(x’) = (-9(x))/. (1.24) 


Relation (1.24) makes it possible to find explicitly the numbers a; and (; such 
that for | > 1 one has: 


Card X(Fy) = > 6} - Sai, 
j 1 


and (1.23) is then implied by (1.13). 

Classically estimates for exponential sums were used to obtain estimates 
for the number of geometric points of varieties over finite fields. Conversely, 
one can effectively use the estimate W4) of the Weil conjectures to study 
exponential sums of a rather general type. We give only a simple example 
(Shafarevich I.R. (1969), p.87). 

Let f(T) € F,|T], 0 < deg f =m < pand ¢? = 1,¢ #1. Then the following 


estimate holds: : 
we 
| Si 
xz=0 


< myQ. (1.25) 
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In order to prove (1.25) let us consider an auxiliary curve y? — y = f(z). 
Let us denote by X the curve obtained by a desingularization of its projective 
closure. Consider the projection X>P! given by (x,y) + x. Then 


[]a-N©o~)' = T] [] a@-novy?. (1.26) 


EEX 2€P' n(€)=xr 


The equality 7(€) = 00 is satisfied for a single point € € X and the correspond- 
ing factor in the product (1.26) is equal to 1—p~°. If 7 4 co then the equation 
y” — y = f(x) is solvable. in the field F,(xo) with € = (xo, yo) so that there 
are exactly p solutions yo, yo + 1,..., yo + p — 1 with norm N(zo). In this case 
the corresponding factor in the inner product is equal to (1 — N(z)~*)~!. The 
solvability of the equation y? — y = a in F,(a) is equivalent to the condition 


dega-1l 
Trp, (a)/F, (2) = 0, 1.e. S- a?’ = 0, 
i=0 
or : ; 
> Fay = Dd f@")= do fl), 
4 4 P(x)=0 


where in the last sum x runs through all of the roots of the irreducible polyno- 


mial P associated with a closed point 7(€) € P \co. Hence the inner product 
in (1.26) can be transformed into the following 


p—l 
[[G-x(Py"N(P)-*)? 
r=0 
where 
x(P) =O, =O Nae, 


P(x) 


Putting t = p-* we see that 


Z(X,s) = ao] Ta — Pyne) ve 


P r=0 


where P runs through all irreducible monic polynomials in F,|¢]. Extracting 
the factors with r = 0 we obtain: 


Z(X,t) = Tl [[@—-x(Py"N(P)-*)*. 
(1 —t)(1 — pt) — pt) r=1 P 
For each monic polynomial G we put 


MG)= SO f(z), x(Q= OO. 


G(x)=0 
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The function x is multiplicative, so we obtain the equation 
LAS |[0=x@yl"")* = Ss 1G es: 
i a G 


One verifies easily that L,(t) is a polynomial and deg L,(t) < deg f, and the 
coefficient of t is equal to 


p—1 
y y"(T _ a) ss eS CAG) - yc. 
a€F, aeéF, a=0 


However, each of these sums is equal to a sum of some (inverse) roots of the 
function Z(X,t). The number of these roots is equal to deg L,(t) < deg f, and 
the absolute value of each root is less than or equal to ,/p, so that estimate 
(1.25) follows. 

Applications of cohomological techniques and of methods from representa- 
tion theory to the study of exponential sums of general type were considerably 
developed in the work of N.M.Katz (1976), (1988), Katz N.M., Laumon G. 
(1985), of Deligne and other mathematicians in the 70s and 80s (Deligne P. 
(1974), (1980b), Brylinski J.L. (1986)). In this research an exponential sum 
is interpreted as the trace of a certain operator (the Frobenius operator or 
the monodromy operator) acting on the space of global sections of a specially 
constructed sheaf on an algebraic variety. Thus, the general exponential sums 
can be constructed using cohomology groups with compact support on an ap- 
‘propriate Artin-Schreier covering W of an affine variety V. Then estimates 
on the exponential sum can be reduced to the Weil estimate W4) applied 
to a smooth compactification of W provided that this compactification exists 
(above we have considered an example for curves). In the general case it is not 
even known whether such compactifications exist. However this difficulty can 
be coped with using the technology developed in the second part of Deligne’s 
paper on the Weil conjectures Deligne P. (1980b), which contains a vast gen- 
eralization of these conjectures. This generalization gives absolute values of 
the Frobenius elements acting on cohomology with compact support on gen- 
eral varieties, whereas the original formulation of the conjectures concerns 
essentially the constant sheaves on smooth projective varieties. Impressive ex- 
amples of the use of Deligne’s generalizations of the Weil conjectures were 
given by N.M.Katz (1988) in the interesting case of the multi-dimensional 
Kloosterman sums of type 


Oni 
Kl(p,n,a) = S> exp (Sa +. a») 


X1,.-,Ln mod p: L4°....en=amodp 


by proving their important equidistribution properties with p fixed and vary- 
ing a. For an l-adic sheaf on an algebraic curve the equidistribution properties 
of the traces of local Frobenius elements were naturally formulated in terms 
of a certain algebraic group Ggeom Over Q, which is defined as the Zariski 
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closure of the image of the geometric fundamental group in the corresponding 
l-adic representation. Under rather general assumptions on choice of an em- 
bedding of Q, into C one obtains a complex algebraic group Ggeom(C), and the 
Frobenius elements correspond to certain points in the space K" of conjugacy 
classes in a maximal compact subgroup K of Ggeom(C). The equidistribution 
property is to be understood in the sense of a measure p® on K* obtained 
from the Haar measure on K. For the multi-dimensional Kloosterman sums 
this construction leads to groups 


Geom = Sp(n) for even n and arbitrary p, 
Ggeom = SL(n) for odd pn, 
Geom = SO(n) for p = 2 and odd n > 3,n $ 7, 
and 
Geom = Go(n) forp=2 and n=7. 


These methods can be used to study of the equidistribution of the argu- 
ments of Gauss sums of the type 


_ AY xX") _ 1 ae 2 
O(a) = WG Yi 2 V(z)x"(x),  [@(a)| = 1, 


where w is a non-trivial additive character of F,, x a generator of the cyclic 
group of multiplicative characters of FT and 1 <a < q— 2. Katz also proved 
that for a fixed r > 1 the r-tuple of angles 


(0(a+1), 0(a+2), ---,6(a+r)) €(S")" 


for 0 <a < q—2-—r becomes equidistributed with respect to the Haar measure 
on (S1)" as q > ©. 

An interesting construction of the l-adic Fourier transform for sheaves on 
A, was suggested by Brylinski and Laumon (Brylinski J.L. (1986)). 
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2.1. L-Functions of Rational Galois Representations. Let K be a number 
field, X’x its set of places (classes of normalized valuations) and 


Ge = Cl) (2.1) 


a representation of the Galois group Gx = Gal(K/K) in a finite dimensional 
vector space V over a field F' of characteristic zero, which we shall usually 
assume to be embedded in C (in examples and applications we shall use F = 
Q;,C or Q). We call p unramified at a non—Archimedean place v if for all 
places w of K dividing v one has p(I‘)) = {1y}, where I‘”) is the inertia 
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group of w over v. In this case the representation p can be factorized through 
the quotient group 


GY) /T) & Gay = Gal((Oz/pw)/(Ox/pv)), 


where G') is the decomposition group of w over v and G,,,) the Galois 
group of the algebraic closure Oz/p, of the residue field k(v) = Ox/py. The 
group G4 ,) is canonically generated by the Frobenius automorphism F'r,, 
Fr,(x) = «N”. Choosing a different place w above v will lead to the element 
p(Fr,) being replaced by a conjugate element. Hence the conjugacy class of 
the Frobenius element F, , = p(Fr,) is well defined, and we write 


P,,p(t) = det (ly —t- Fy) (2.2) 


for the characteristic polynomial of this element. Suppose that FE is a number 
field embedded in C. We call the representation p rational (resp. entire) over 
F if there exists a finite number of places S C 2x such that 


a) for all v € X’x\S the representation p is unramified at v, 
b) the coefficients of P, p(t) belong to EF (resp. to the maximal order Og of 


Let s be a complex number and v ¢ S. We have 


d 
P,,p(Nu~*) = det (ly — Nu-*F,,p) = [](1— AuvNv-*), 


i=1 


where d = dimx V and );,, are algebraic numbers viewed as complex numbers 
via a fixed embedding 2:Q—C. 
Let us define the L-function of a rational representation: 


L(p,s) = |] Pup(No7*)7?. (2.3) 
vEgS 


This is a formal Dirichlet series )\--_, ann~* with coefficients in EZ. In all 
known cases there exists a real constant c such that |\;,p| < (Nv)°, which 
implies the absolute convergence of the series (2.3) in the complex right half 
plane Re(s) >1+e. 

There are various methods of completing the product in (2.3) at places 
v € S. The purpose of such a completion is to obtain an L-function satisfying 
a certain nice functional equation. If v is a non—Archimedean place then one 
considers the subspace V(v) consisting of elements fixed by the inertia group 
I) for w above v. If p is ramified at v then V(v) 4 V (and possibly, V(v) = 
{0}. The conjugacy class of p(F'ry)|yv(y) and its characteristic polynomial 


Py, p(t) = det (yw) = tFy plv(v)) 


are then well defined, and the degree of the latter is smaller than d. Put 
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L,(p, s) = PrNe 


If v is an Archimedean point then a good definition of L,(p,s) depends on 
an additional structure (e.g. a Hodge structure) on the vector space V. In this 
case the v-factors can be expressed in terms of the following I’-factors: 


Tp(s) = 178/?T(s/2), Ie(s) = 2(2ri)~8I'(s). (2.4) 


These factors play an important role in the study of the functional equations 
satisfied by L-functions. If we put 


A(p, s) a EAC s), (2.5) 


then in important examples it is possible to prove that the function (2.5) 
admits an analytic continuation onto the entire s-plane and satisfies a cer- 
tain functional equation relating A(p,s) and A(p’,k — s), where p” is the 
representation dual to p and k is a real number. 


Example. If x is a primitive Dirichlet character then in view of the 
Kronecker—Weber theorem there is associated to x a one dimensional rep- 
resentation p, : Gg — C* such that 


L(py,8) = |]. — x(p)p~*)7* = L(s,x) = D> x(n). 


Let 6 be zero or one so as to satisfy y(—1) = (—1)°. We then have that 


A(py, 8) = I'(s + 6) L(py, 8) = €(8, x); 


and the following functional equation holds: 


C 
—s)=i9 Ss .6): 


where C,, is the conductor of y and g(x) is the Gauss sum of x. The function 
€(s, x) is holomorphic on the entire s-plane for nontrivial characters y. If x is 
trivial then €(s) = 7~*/2I"(s/2)C(s) has a simple pole at s = 1, and satisfies 
the functional equation 


(1 — 8) = (5). (2.7) 


2.2. The Formalism of Artin. The definition of the Z-functions L(p,s) de- 
scribed above is due to E.Artin (1930), who studied. representations with a 
finite image Im(p). In this situation the reprepresentation p is always E- 
rational for some number field E, and is semi-simple (by Maschke’s theorem). 
Hence p is uniquely determined (upto equivalence) by its character x, (Tr p(g), 
g € Gx). If p is an arbitrary rational representation then the function L(p, s) 
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is uniquely defined by its character xp. This can easily be seen by taking the 
logarithmic derivative of the series (2.3) 


: aes it ==) 2 > ry log(Nv)Nu~™* 


aes i=1 m=1 
mm. \ log(Nv) 


= a See ) 


where f'”, denotes the conjugacy class of the m*) power of the Frobenius 
element F’, y. In view of this fact one often uses the notation L(x,,s) = L(p, 8). 
If 


(2.8) 


pi:Gx —> GL(V;) (6 =1,2) 


are two rational representations with characters x; = Tr p; then one can 
construct from them the further representations 


pP1 Bp2: Ge — GL(V; @ V2), 


2.9 
P1 @ p2: GK —> GL(V, @ V2). ee) 


whose characters are equal to x1 + x2 and x1 - x2 respectively, We have that 


L(x1 + X2,8) = L(x1, 8) L(x2, §). (2.10) 


If K'/K is a finite extension and p’ is a Galois representation of K' with 
character x’, then one can define the induced representation p = Ind p’, whose 
character is given by the formula: 


xg= dS x'(y*97), (2.11) 


where 7 runs over a full set of representatives of left cosets, and it is assumed 
that x’ is extended by zero to the whole group Gx. 
In this notation the following equation holds 


L(p,s) = L(p',s). (2.12) 


If K'/K is a finite Galois extension then Gx: is a normal subgroup of finite 
index in Gx. Then for any representation p of Gx rational over EF we define 
its restriction to the subgroup Gx : py = Res p, p1 : GK — GL(V). Then 
one has the following factorization formula due to Artin: 


L(1,s)= |] = L@py,s)***, (2.13) 
xElrr G(K'/K) 


where the product is being taken over the set of characters x of all irreducible 
representations of the quotient group G(K’'/K) = Gx/Gr:, degx = x(1) 
(it is assumed that the field FE contains all values of characters y, which are 
certain roots of unity). 
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In the general case the representation p can always be replaced by its semz- 
simplification p, which has the same character. In order to define this consider 
the composition series 


VeVO 5 VY S25 VM = {0}, 


of p-invariant subspaces with irreducible factors V / vit) (0<i<m-l). 
Then the representation 6 of Gx in the space 


V =VO/VO @VO/VO @---@VOr—D yor (2.14) 


is semi-simple, E-rational and has the same character as p. Furthermore it is 
uniquely determined (upto equivalence) by its character. 

The representation p : Gx —> GL(V) is called Abelian if Im p is an 
Abelian group. In this case we may consider p as a representation of the 
group G2? = Gx /G%,, where G% is the commutator subgroup of Gx (i.e. the 
minimal closed subgroup containing all commutators) p : G3? —+ GL(V). 

We have already met in §3 of Chapter 3 certain examples of such rep- 
resentations (on the Tate module V;(£) of an elliptic curve with complex 
multiplication, and on the one dimensional Tate module V;() = Q,(1) of 
l-primarily roots of unity). 

If Im p is a finite group (not necessarily Abelian) then for a finite Galois 
extension K'/K one has Ker p = Gx: and one uses the notation 


L(s,x, K'/K) = L(p,s), (2.15) 
where x is the character of the corresponding representation 
p: Gal(K'/K) — GL(V). 


The functions L(s,y,K’/K) are usually called Artin Z-functions; they can 
be reduced to products of Abelian L-functions of extensions of K using the 
formalism of Artin and the famous theorem of Brauer: if xy is a character of 
a representation of a finite group G over C then there are cyclic subgroups 
G; C G and one dimensional characters x; of G; such that 


x= So aIndé,x (ai € Z). (2.16) 


If G = G(K'/K) then G; = G(K'/K;) and it follows from the relations (2.10) 
that 


L(s,x, K’/K) = || L(s, xi, K'/Ki)™. (2.17) 


The analytic properties of Abelian L-functions are well known and they are 
analogous to the corresponding properties of the Dirichlet L-series: all of the 
functions L(s, x;, K’/K;) can be meromorphically continued onto the entire 
complex plane, possibly with a simple pole at s = 1 for trivial characters y;. 
This implies the existence of a meromorphic analytic continuation of arbitrary 
Artin L-functions. The famous Artin conjecture says that for a nontrivial 
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irreducible character y of G = G(K'/K) the function L(s, y, K’/K) is always 
holomorphic. 

However this conjecture seems to be very difficult in general, as is the 
generalized Riemann hypothesis which says that all zeroes of the function 
L(s,x,K'/K) lying in the strip 0 < Re(s) < 1 are actually on the line 
Re(s) = .. The difficulty with the Artin conjecture is related to the fact that 
one lacks the non-local definition of the Dirichlet series representing (2.17). In 
the Abelian case such a description follows from the fact that the coefficients 
of the Dirichlet series are “periodic” modulo a positive integer (or modulo an 
integral ideal of a number field). However in a number of interesting cases the’ 
Artin conjecture has been proved using the Mellin transforms of automorphic 
forms. A general global description of Artin L-series in terms of automorphic 
forms is given by the Langlands programme (see §4 of this chapter). 


2.3. Example: The Dedekind Zeta Function. Let X = Spec Ox where Ox 
is the maximal order of K. The Dedekind zeta function of K is the following 
Euler product 

Cx(s) = ¢(X,s)= |] (1-Np-*)"’, 


pCOK 


which is absolutely convergent for Re(s) > 1 and admits a meromorphic 
continuation onto the entire complex plane. The continuation is holomorphic 
with the exclusion of a simple pole at s = 1. The residue of Cx(s) at s = 1 
is known to be equal to (see Borevich Z.I., Shafarevich I.R. (1985), Weil A. 
(1974a)) 


Rx 
Res,—1¢K (s) = hx 2" (2x)" ——_—, (2.18) 
; wKkv/|Dx| 
where hx is the class number of K, Rx is its regulator, Dx its discriminant, 
wx the number of roots of unity in K and r; (resp. r2) the number of real 
(resp. complex) places of K. Therefore 


kK @R=R" 6C”. 


From the point of view of Z-functions the function ¢x%(s) corresponds to the 
trivial Galois representation of the group Gx. It therefore follows from Artin’s 
factorization formula that 


Ce(s)=C(s) [J — L(s,x,K/Q)*8*, (2.19) 


xEIrr G(K/Q) 


where the product is taken over all non-trivial irreducible representations of 
the group G(K/Q). If the extension K/Q is Abelian then (2.19) implies the 
following class number formula: 


hy = WKVIPKL I Ae (2.20) 


271(27)"2 Rr 
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since Res ¢(s) = 1. It is not difficult to compute the values L(1, x): let Cy, be 
the conductor of vy. Then 


a) for x(—1) = —1 one has 


L(1,x) = mat) S> kx(k); (2.21) 
Cy (k,Cy)=1 
O<k<Cy 


b) for x(-1)=1,x#e 


_ g(x) —k 
Ll, x) = ~"& ay x(k) log |1 — ¢~*, (2.22) 
(k,Cy)=1 
O<k<Cyx 
where ¢ = exp(277/C},) is a primitive root of unity of degree C, and g(x) 
is the Gauss sum of y. 


Formulae (2.21) and (2.22) give essential information on the class number, 
the regulator, and the structure of the class group Clx of an Abelian field K, 
in particular when K is quadratic or cyclotomic (see Borevich Z.I., Shafarevich 
IR. (1985)). 

For a quadratic field of discriminant D = Dx > 0 we have 


1 
hk =-—— ) x(k) log sin(rk/D), (2.23) 
lOBE Dy 
O0<k<D/2 


where € is the fundamental unit of K with ¢ > 1. 
If D= Dr < —4 then 


“TF rd kx(k)=(2-x(@))"" DD xt), (2.24) 


(k,D)=1 (k,D)=1 
O<k<|D| O<k<|D|/2 
and for the remaining fields K = Q(./—1), Q(/—3) one has hx = 1. 
We mention that there exists a purely arithmetical proof of the formula 
(2.24) in the case D #1 mod 8 found by B.A.Venkov (1981). 
The number 


RK 


WK v/ |Dx| 


has a geometric interpretation as the volume of a fundamental domain for Kk ~ 
in J}. with respect to the measure on the group Jy = {x € Jx | ||x|| = 1}, 
which comes from the normalized Haar measure .* on the group Jx (see §3 
of Chapter 2). 


KK = Ress=1CK(s) = hK2" (27)? (2.25) 


2.4. Hecke Characters and the Theory of Tate (Lang S. (1970), Cassels 
J.W.S., Frohlich A. eds. (1967), Weil A. (1974a)). The Abelian L-functions 
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of a number field K can be described using class field theory, which states 
in particular that there is a one-to-one correspondence between irreducible 
complex representations of the group G2? and characters of finite order of 
the idele class group Cx = Jx/K”%. In the classical theory these characters 
are known as “periodic” characters of the group of fractional ideals of K. For 
any integral ideal m C Ox write S = S(m) for the finite set of places of K 
given by S = S(m) = {vu € 2’x | v divides m} U 1’?°, where 2? is the set of 
Archimedean places of K. Let IS) be the free Abelian group generated by 
the finite places prime to m and let 


P™) — {x € K | x =1(mod mO,) for v € S}. (2.26) 


Then for each one dimensional representation p : GaP — C* there exists 
an integral ideal m and a character x : J° — C% trivial on the subgroup 
(P‘™) of principal ideals of type (x), 2 € P(™ such that p(Fr,) = x(py). The 
generalized Dirichlet L-series are then defined by 


L(s,x) = [[GQ—x(p.)Npo*) = => x(n)Nnv’, (2.27) 


v¢S n:n+tm=Ox,- 


where n runs through the integral ideals coprime to m. 

Hecke has introduced a new class of characters and L-functions, which, in 
principle, can not be reduced to L-functions of rational Galois representations. 
These characters are associated to arbitrary continuous homomorphisms 


b: Jn /K* —+C* (2.28) 


and they can be described in classical terms as follows: there exists m C Ox 
and a homomorphism y : J° — C* such that for all z € P™) one has 


x((x)) = [] ( ~ ; “fal N((2))”, (2.29) 


v|oo ed 


where Ty : K < C% is the complex embedding which defines v; |z|,) = 
jr x|Kv:Q) the corresponding normalized norm; t, and o € R; a, € Z for 
K, =C, ay =0 or 1 for K, = R. Since x((x)) depends only on (zx) the right 
hand side of (2.29) must equal 1 for all « € P'(™ A Ex. The ideal m can be 
maximally chosen for the above condition; this ideal is called the conductor of 
x and is denoted by m = f(x). The above condition y((€)) = 1 imposes some 
restriction on the choice of numbers t,,o0 and a,. One verifies that these con- 
ditions define a subgroup of (Z/2Z)"! @ Z™2 ® R™ +2 ®R which is isomorphic 
to (Z/2Z)" @Z™ @®Qut-1 OR. 

A correspondence between y and w is defined using the homomorphism 
which takes an idele to its divisor (see Cassels J.W.S., Frohlich A. eds. (1967), 
Chapter 8) 


divs: Jk >I,  (ay)y > [] p@? = 7 o(ee) -», (2.30) 
Vv Vv 
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and using an appropriate section m : I‘) — Jg which is defined by a choice 
of local uniformizing parameters my € Ox (vu(my) = 1 for v ¢ S): by this 
section a prime ideal p, goes to the idele m(v) = (---,1,7y,1,---) whose v- 
coordinate is 7, and whose other coordinates are 1. Then the character w 
corresponds to a unique x such that y(p,) = Y(a(v)), and this is a one-to-one 
correspondence. 


Examples. 
1) If p(x) = ||z||° = w(x), then m = Ox and 


X(Pv) = Npj, ty =Im s, o=Re s. (2.31) 


2) If K is an imaginary quadratic field, K C C, then for an arbitrary y there 
exists m such that 


Oe (=) "al? = 24|xl°-*, (2.32) 


(for all c € K, x =1(mod m)). 
3) If K is a real quadratic field, K C R, then 


x((z)) = wPmtef loess (2.33) 


for x = 1(mod m), z,2’ > 0, p € Q, where ¢ is a fundamental unit in K 
and x+> x’ is the quadratic conjugation. 


The interpretation of Hecke characters as certain characters of the idele 
class group was given by C.Chevalley (1940). 

Tate constructed in his thesis a general theory which makes it possible in 
particular to establish analytic continuation and a functional equation for all 
functions of type L(s, 7). We describe briefly the key points of this theory, 
which is based on Fourier analysis in number fields (Lang S. (1970), Tate J. 
(1950)). 

Every continuous character ~: Jx/K™ — C* may be regarded as a func- 
tion on Jx and it can be decomposed into a product #(z) = |, wy (rv), where 
wy, : KX — C™% are quasicharacters (i.e. continuous homomorphisms to C~% ) 
such that for almost all v the quasicharacter ~, is unramified: ,(O*) = 1 
and in view of the continuity one has w,(Zy) = |zy|°. The number o = Re y, 
is called the real part of wy. 

The first stage in Tate’s theory is to obtain a representation for a local 
factor of the Hecke L-function 


L(s,x) = [] = x(po)Nps*)2 = SD x(n)Nn*, (2.34) 


vES n: n+m=OxK 


as a certain integral over the locally compact group K?* with respect to the 
Haar measure u* normalized by the condition u*(O7) = 1. 

Let c: KX — C* be an unramified quasicharacter. We use the decompo- 
sitions KX = Unezm7O* and O,\{0} = Unezn>om7O% in order to calculate 
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the integral Jo. (0) C(@) dup (x). Consider first the integral Jinox C(x) du (x) 
and put x = me with e € OX. Then 


Looe ce a ( [. cle) du, @)) = ¢(m,)” 


UV 


in view of the invariance of du* (x) under multiplicative shifts: du*(a"zr) = 
diy (2). 

If Re c > 0 then it follows that c is integrable on O,\{0} = Unezn>07™, OF 
and one has 


Love c(x) du (x) = a a c(x) dp (x = Sel (ay)? =(1 =e): 


n>0 n>0 
(2.35) 

If c = Wyws then c(ty) = x(pv)Npz* in view of (2.29), and the expression 
(2.35) becomes the local factor of the L series (2.34). 

The essential fact is that the whole product (2.34) can ‘also be interpreted 
as a certain integral over a locally compact group with respect to an invariant 
Haar measure. The set O,,\{0} in (2.35) refers more to an additive theory than 
to a multiplicative theory. This combination of additive with multiplicative 
theories is a characteristic feature of Tate’s theory. 

Let G be a locally compact group with a Haar measure pu; denote by L1(G) 
the vector space of all integrable functions on G. If yz, is the Haar measure 
on the additive group K, normalized by the condition p,(O,) = 1 then a 
calculation analogous to (2.35) shows that 


—1 AfLy (x) 
[Z| 


dy. (x2) = (1 — Nps) (2.36) 
in view of the multiplicative invariance of the measure du, (x) /|z|,. In particu- 
lar, the condition f € L'(K ) is equivalent to saying that f(xr)/|z|, € L*(Ky). 

Let us introduce the following notation: for a quasicharacter c: kK?‘ — C”* 
and f € L}(K,) 


Colfre) = [ f(a)e(a) dX (x) (2.37) 


and suppose that fc € L'(K~*) for Re c> 0. Let f = d0,\{0} be the charac- 
teristic function of the set O,\{0} and c an unramified quasicharacter. Then 
for Re (q,w,) > 0 one has the following expression for the local ¢-factor: 


Cu(f, Pows) = (1 — x(pu)Npp*)7?. 


In order to obtain a global analogue of this expression let us consider a 
function f(z) = [|], fo(%v) on the additive group of adeles Ax such that 
fo(z) € L'(K,) and f, = 60,\{0} for non—Archimedean places v ¢ S. For a 
quasicharacter c: Jx/K* — C% we shall set | 
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cre) = | _Fe@)ela) ae*(2) = TI I Feeders) du (2). 
Then the calculation (2.35) implies that 
C(f, pws) = L(s,x) |] (fos Powe); (2.38) 


ves 


and one easily verifies that under our assumptions the integral and the product 
are absolutely convergent for Re(w,w,) > 1. An analytic continuation for 
the function L(s, x) is constructed using the integral representation (2.38) in 
which all auxiliary factors can be reduced (in our applications) to I’-functions 
and to Gauss sums. 

The technique of analytic continuation is based on tools from the theory 
of additive Fourier transforms over the group Ax. The following are the key 
points: 


I) A choice of duality. Let us fix an additive character 
A: AK/K —C*, Xx) =]] A(z), 
where one usually puts: 


exp(—27izy) if Ky = R, 
Ay(Ly) = ¢ exp(—47iRe zy) if kK, =C, (2.39) 
exp(—27i{Trx,/gu}) if [Ky : Qp] < 00. 


Then the following isomorphisms of locally compact groups are defined: 
Ky ~ K,, Ax ~ Ax, 


(where K,, Ax denote the corresponding groups of (continuous) charac- 
ters. These isomorphisms are constructed as follows: 


c+ (Xe: yrrA(yz)) (z,y € Ax), 


Ty +> (Xe, YA Yty)) (ry € Ky). 


II) Self-dual measures. One chooses normalized measures fi, and fi = [],, ftv 
such that for the Fourier transforms 


f(x) = | f(y)Mwy) diy), fi(rv) = [ foly)Ay (toy) dfiy(y) 


(2.40) 
the inversion formulae can be written in the following form: 
f(-2) =f(x),  fo(-ay) = f(a). (2.41) 


provided f, € L'(Ky), f € Li(Ax). 
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If v is a non-Archimedean place then let 0, C ©, denote the local differ- 
ent, 
0,1 = {xe K, | Ay(xy) € Z for all y € Oy}. 


Then the self-dual measure is defined as follows: 


Nod, tye [by if v is non-Archimedean, 
Hy = § dx (Lebesgue measure) if K, =R, (2.42) 
2dx dy ifz=at+iye K, =C. 


The important property of the self-dual measure is that “(Ax /K) = 1; 
also one has 0, = 0KO, and Ndx = |DR|. 
In concrete examples the following orthogonality relation is often used: 
for each character A of a compact group G 


/ A(x) du(x) = hee) if A = td, (2.43) 
G 


0 otherwise. 


This implies the following important formula: 


| hy ay) diiy(y) = 0, (c) « fy(Ov). 


Vv 


The Poisson summation formula. Let f be a continuous function on Ax 
such that both |f| and |f| are summable over the subset K C Ax and 
the series })vcx f(x + @) converges uniformly on every compact subset 
of Ax. Then the following summation formula holds: 


> fle) = >> fe). (2.44) 


ack ack 


Corollary. Under the above assumptions for alla € JK the following holds 


>, faa) = lla“? > f(am*a). (2.45) 


ack a&éK 


Now we turn to main application of the summation formula: the proof of 
the functional equation for the ¢-functions. We assume that for all o > 1 
the function |f(x)| ||x||° is integrable over the group of ideles Jx. Then for 
Re (ww,) > 1 the following integral is well defined: 


C(f, pws) = ; f(x)pws(x) du* (zr). (2.46) 


Theorem. The function C(f,yws,) admits an analytic continuation onto 
the entire complex plane and it satisfies the functional equation: 


Cf, Ws) 7 eG wy *wy-s). (2.47) 
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To prove the theorem we decompose the integral into two parts: 
ce= [ — tadea)du*(a)+ | Fle)ole) du*(x) (with = Yu) 
e241 Ile|]<1 


In view of the assumption on f the first integral converges for all c. Let us 
transform the second integral using the Poisson summation formula. We have 


/ f(x)e(x) dwu™ (x) =| ( f (tx)c(tzx) ue) dy, 
I|zI|<1 teJK/Ih \S IE 


where dy! (x) is the measure on J}. which is compatible with the Haar measure 
dv(t) = ia /t on R* and the original measure du* under the isomorphism 


Jk /Jz & Ri. The inner integral on the right hand side transforms into the 
following sum 


I, f(taz)c(tx) du' (x) = =f | oS f (taa) cyte) du' (zx) 


ack* 


where we denote by the same symbol dy(x) the measure on Ci induced by 
du'(x) on Jz. Now the inner sum transforms using (2.44) as follows: 


c(tx) Sf ( f(tza) = c(tz) (5 soe -£(0) 


ae kx aekKk 


= (te) (st™ Yo feeeta) ~ 500) 


ack 


= e(tx) (as > f(t te “a) + Hea "F(0) — 400). 


ack x 


We now change variables by putting u = t~!,y = 271; the measure in J} 
does not change. Putting the resulting expression into the integral, and using 
the notation c, = wyc7! = w~!u4_., the integral over ||x|| < 1 becomes the 
following 


/ f(ae(a) du (ae) = / f(w)ex (2) du (2) 
l|ell<4 3 ell>a 


+ ff eta) (lite F0) — 1(0)) aya 


This proves the theorem. 

As an example of this general calculation let us ate the classical func- 
tional equation for the Dedekind zeta function of a number field K. Set 
fu = 60, for non—Archimedean v, 
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ays exp(—72x7) for Ky, = R, 
ow’ | exp(—27|z|?) for K, XC. 
Then one has 


Co(for 8) = Cv(for 8) = Ix, (s) (Ky = B,C) 
and we obtain the following expressions for the global integrals (¢-functions): 
C(f,ws) = TR*(s)Ie?(s)¢x(s), 
C(fwi—a) = [Gx |O/-° TR (1 — 81 (1 — 8)¢x (1 8), 
which implies in view of (2.47) the following functional equation: 
Ax(s) = Axk(1 — s), (2.49) 
where 
Ax(s) = |Dx|*? TR (s)I@(s)¢x(s). 
In the general case of arbitrary quasicharacters we may and we shall assume 


that > yJo0 tv = 0 (by replacing s if necessary). Put 


_ | Ir(s + ity — lap) for Ky = R, 
L,(s, x) = ea? + ity —|a,|/2) for Kk, =C, 


Dy = |Dx|Nf(x)- 


Let gu(x) = 2. (xvAv) (en?) denote the Gauss sum, where {e} runs over a 


system of coset representatives for O* /(1 + f(v)O,y) with u(x) (F(x) > 0. 


Then the following functional equation holds: 


W(x)A(s,x) = A(1 — 8,%), (2.50) 
in which 
A(s,x) = D3/? [J] L.(s, x) - L(s, x), (2.51) 
vloo 


and W(x) is a complex constant with absolute value 1 given by 


W(x) =*™NG(x)7/? TT g(x) TT x5") 


vEeSy vESy 


where S, = {v | py divides f(x)} and M = 97... |avl- 


2.5. Explicit Formulae (Lang S. (1970), Weil A. (1952b), (1970), Moreno 
C.J. (1977)). We already mentioned in chapter 1 a link between the zeroes of 
the Riemann zeta function and the behaviour of the function 7(z) = ) 4-21, 
p being prime numbers. This link is expressed by an explicit formula for the 
function )>;°, ¢7(z1/*) in terms of the non trivial zeroes of ¢(s), i.e. those 
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zeroes in the critical strip 0 < Re s < 1 (the Riemann—Mangoldt formula), 
see I, 1.1.6. 

A generalization of this formula for Hecke L-series A(s,) (see definition 
(2.51)) was proposed by Weil, and is based on the Weierstrass product ex- 
pansion of this function over its zeros. 

Let us assume that Re x = 0 and the normalizing condition )/,), tv = 0 
is satisfied (see (2.50)). Put 6, = 1 if y = 1 and 0 otherwise. Then it follows 
from the functional equation (2.47) that the function 


[s(s — 1)]}’* A(s, x) 


is an entire function of order 1. Hence by a general theorem from the theory of 
functions of one complex variable one has the following Weierstrass product 
expansion of this function over its zeros: 


A(s, x) = aye°x*[s(s ~— 1)]7>x I] (a — -) ere. (2.52) 


where w = a+14 runs over the set of all zeroes of the function A(s, y) counting 
multiplicities, and a, and b, are certain constants. The main result on explicit 
formulae for the D-functions A(s, xv) can then be stated as an equation relating 
a linear combination of the values of a certain function over (logarithms of 
norms of) powers of prime ideals, to the sum of the Mellin transform of this 
function over the zeroes of the L-function (2.52). 

Let us consider a complex valued function F : R — C with the property 
that there exists a constant a > 0 such that 


F(a)e(O/2+9l2l € T1(R). 
Then the Mellin transform 
+00 Be 
P(s) = / F(z)e'S~ 2) dex 
—OoO 


is a function which is holomorphic in the strip —a < Re s < 1+a. We assume 
that the function F(z) satisfies the following conditions: 


A) The function F(x) has continuous derivative everywhere apart from a 
finite number of points a;, at which both F(z) and F’(x) have only breaks 
of the first kind, and F(a;) = $[F (ai + 0) + F(a; — 0)}. 

B) For some number b > 0 the following estimates hold as |x| — oo: 


F(z) = O(e7 1/2) +2)! 
F'(x) = O(e~ (1/2) +8) lz1), 


Then we have that &(s) = O(|t|~+) uniformly in the strip —a’ < 0 < 1+<a’ 
if0<a’<b(o=Re s,t=Im s). 
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The explicit formula. With the above notation and assumptions consider 


the sum 
S- D(w) 


\t|}<T 


extended over all zeroes w = 3+%t of the function L(s, x) satisfying 0 < 6 <1, 
|t| < T. Then as T — oo this tends to a limit, which is equal to 


+00 
jim. Ss P(w) =6, .. F(x) (e? +e7?) da 


\t|<T 
+ F(0) log Ay 


lo N -—n —n 
> Nee? x wer xt p)"F(log Np”) + x(p)~"F (log Np~”)| 


ia 3 W, (Fv) ) 


v|oo 
(2.53) 
where A, = 27"1(27)~" Dy Nf(x), 


F,(x) = F(x)e~***?/™ = (n, = [Ky : R)), 


and W, is the functional uniquely defined by the property 
+0o 
W.(g) = tim / (1 — e~!#!) K(x) g(x) dx — 29(0) log AI . 


Here the function K,(z) is defined by 
e7 (1/2) lave! 


]e#/2—e-*/2] for Ky “RR (ny = 2), 
K,(x) = 


e7((1/2)— lave) 
le*-e-*| 


for Ky ]=C° (ny = 1). 


The explicit formula (2.53) is a rich source of possibilities for studying very 
fine points in the distribution of prime ideals in number fields and the images 
of the corresponding Frobenius elements in Abelian Galois representations. 
We mention that there is an analogue of these formulae in the case of global 
fields of positive characteristic (the function field case). This generalization 
makes it possible to obtain some very precise estimates for the numbers of 
points on curves over finite fields, and has some other interesting applications 
(Serre J.-P. (1983)). 

The logical structure of the proof of (2.53) is quite simple and is based on 
studying the integral of the function @dlog A(s,yv) along a special contour 


using two explicit expressions for the logarithmic derivative seu arising 


from the Euler product defining L(s,x) and from the Weierstrass product 
formula (2.52). One uses only the following results of an arithmetical nature: 
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a) The boundedness of the |LZ(s,y)| in each right half plane of type Re(s) > 
l+a,a>0. 

b) The functional equation (2.50) for A(s, x). 

c) The boundedness of the function A(s, x) in every strip 09 < Re(s) < oy 
excluding a finite number of poles. 


2.6. The Weil Group and its Representations (see Tate J. (1979), Weil A. 
(1974a)). We wish to discuss a general construction which makes it possible to 
treat at the same time representations of Galois groups and quasicharacters of 
number fields, and their L-functions. This construction is based on the notion 
of the Weil group, which we briefly discuss now. 

Let F be a local or global field and F° its separable algebraic closure. For 
a finite extension F'/F in F* let Gg = Gal(F*/E) be the corresponding open 
subgroup. Let 

Cee a if E is a global field, 
E* if F is a local field. 
The relative Weil group Wg Fr can be described as a group extension 


0— Ce - Wer — Gal(E/F) — 0, (2.54) 


whose isomorphism class is defined by the canonical generator ag/f of the 
cohomology group H?(Gal(E/F),Cz) = (ag/r) given by class field theory 
(see §4 of Chapter 2). 
' There is also a more invariant definition which makes it possible to treat 
all extensions E//F at the same time (Tate J. (1979)). 

The absolute Weil group Wr is defined as a topological group endowed with 
a continuous homomorphism y : Wr — Gr with dense image, which satisfies 
the following additional conditions (Tate J. (1979), p. 74-75): 


‘W1) There exist isomorphisms rg : Cg — W2 for which We = y-1(Gz) 
for all finite extensions E and W2> = We/Wé&, Wé§ being the minimal 
closed subgroup of Wg containing all its commutators. These isomor- 
phisms satisfy the following condition: the composition 


TE 


~ 


Ce > We —> GP 


coincides with the homomorphism of class field theory. 
W2) Let w € We ando = y(w) € Gr. Then for each EF the following diagram 


commutes: 
TE 
Ce — Wz? 
isomorphism, | | conjugation 
induced by o . by w 
T Ee 


Creo ae war 


W3) For E’ C E the following diagram commutes: 
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TE | 
Cer — war 
homomorphism, induced { i transfer, 
by the inclusion E’CE see (2.4.17) 
TE 
ab 


W4) The natural map 
def 
Wr —? We/F = Wr/We 
defines an isomorphism 


Wr = lim Wer. 
E 


It is not difficult to verify that this is equivalent to the previous definition. 

The group Wr can be constructed starting from the above relative Weil 
groups Wyr using certain functorial properties of the classes ag ;r. From 
the existence of Wr with properties W1)—W4) one can deduce all the main 
theorems of class field theory (in both local and global cases). 

Also, there exists a homomorphism w +> ||w|| of Wr to R{ which corre- 
sponds under the isomorphism rr : Cr > web to the norm homomorphism 
to RX of the idele class group Cr = J; /F™ in the global case, and to the 
normalized absolute value of Cr = F™” in the local case. In view of the relation 
|Nez/ral|r = |lal|z the restriction of this norm function ||w|| on Wr to the 
subgroup Wg coincides with the corresponding norm function for Wg, so that 
we can omit the index EF. One verifies that the kernel of the homomorphism 
w ++ ||wl| is compact. 


The relation between the local and global Weil groups. Let F' be a global 
field and v a place of F extended to F. Then there exists a natural embedding 
6,.: Wr, — Wr which is compatible with the inclusions 7, : Gr, — Gr and 
Ey - Cg for all E/F, |B: F| < ow. 


Representations of the Weil groups. Denote by M(G) the set of isomor- 
phism classes of finite dimensional complex representations p : G — GL(V) 
of a topological group G. A one dimensional representation x : G — C”* will 
be called a quasicharacter of G. Using the isomorphism rp : Crp > Ww we 
can identify quasicharacters of Wr with quasicharacters of F (or of Cr). For 
example, the quasicharacter corresponding to the quasicharacter c +> ||c||¢ 
(with |\cll being the idele norm of c.€ Cy) will be denoted by the same 
symbol w,, so that one has w,(w) = ||w]|®. 

On the other hand the image of y : Wr — Gr is dense, hence the set 
M(G pr) can be identified with a subset of M(W-r). Representations in this 
subset are called Galois-type representations. A representation p is of Galois 
type iff the image p(W-) is finite. 

Under the above identification a character x of Gr corresponds to the 
character of Cr obtained from x using class field theory. 
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Using the embeddings 6, : Wr, — Wr Weil has defined L-functions L(p, s) 
of representations p € M(W-) which include the L-functions of Artin and 
Hecke as special cases (Hecke-Weil L-functions). For these L-functions the 
usual Artin formalism is valid. Also, there is an analogue of the theorem 
of Brauer, which makes it possible to reduce the Hecke—Weil L-functions to 
products of integral powers of Hecke L-functions of quasicharacters of finite 
extensions E of F’. A precise statement of the functional equation of L(p, s) 
and a definition of all its local factors are given in Tate J. (1979). 

Weil has established explicit formulae of the type (2.53), and proposed 
a generalized Riemann hypothesis, and an analogue of the Artin conjecture 
for the Hecke—Weil L-functions L(p,s). A remarkable fact is that both the 
Riemann and Artin conjectures can be reduced to positivity properties of the 
linear functional in the right hand side of the generalized explicit formula of 
type (2.53). 

Apart from complex representations one can also consider | -adic represen- 
tations of Wr, and compatible systems of such representations. Tate gives in 
(Tate J. (1979)) general conjectures which indicate that complex and l-adic 
representations of the Weil group play a universal role in number theory. 


2.7. Zeta Functions, L-Functions and Motives (see Manin Yu.I. (1968), 
Deligne P. (1979)). As we have seen with the example of the Dedekind zeta 
function ¢x(s), the zeta function ¢(X, s) of an arithmetic scheme X can often 
be expressed in terms of L-functions of certain Galois representations. This 
link seems to be universal in the following sense. 

Let X — Spec Ox be an arithmetic scheme over the maximal order Ox 
of a number field K such that the generic fiber Xx = X ®o, K is a smooth 
projective variety of dimension d, and let 


¢(X,s) = |] ¢(X(p), s) 
p 


be its zeta function, where X(p) = X ®o, (Ox/p) is the reduction of X 
modulo a maximal ideal p C Ox. The shape of the function ¢(X(p),s) is 
described by the Weil conjecture (W4). If we assume that all X(p) are smooth 
projective varieties over Ox /p = F, then we obtain the following expressions 
for ¢(X, s): 

2d | 

¢(X, 8) = [[Li(X, 8), (2.55) 

i=0 

where 


LX, s) = lWEmmnes¢ Np7*)7¢, 
p 


and P, ,(X,t) € Q[t] denote polynomials from the decomposition of the zeta 
function 
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2d 


¢(X(p), 8) = |] Pip(X, Np?) 


1=0 


eee 


In order to prove the conjecture (W4) (“the Riemann Hypothesis over a finite 
field” ), Deligne identified the functions L;(X, s) with the Z-functions of certain 
rational /-adic Galois representations 


px: Gre > Aut Hi,(X<z,Q); Li(X,s) = L(px,i, 8) 
defined by a natural action of the Galois group Gx on the l-adic cohomology 
groups Hj,(X3, Q:) using the transfer of structure 

A = XK® K 
{ 
—— 0 — eee 
SpeckK — Speck (o€ Aut K). 
If Xx is an algebraic curve then there are Gx-module isomorphisms 
Hi (Xx, Q) = Vi(J) = Ti(X) @2, Q 
(the Tate module of the Jacobian of X), 
He, (Xx,Q) =Q, AS(Xz,Q) =V(y) 


(Vi() = T1() ®z, Q; the Tate module of /-power roots of unity). This implies 
the following explicit expressions for the D-functions 


Lo(X, s) = Cx(s), L2(X, 8) = CK (s — 1), 
and the zeta function 


L,(X,s) = L(X,s) = |] Pip(X,Np7*)**, 
p 


(where deg Pi »(X,t) = 2g, g is the genus of the curve Xx) is often called the 
L-function of the curve X. | 

For topological varieties cohomology classes can be represented using cy- 
cles (by Poincaré duality), or using cells if the variety is a CW-—complex. 
Grothendieck has conjectured that an analogue of CW-—decomposition must 
exist for algebraic varieties over K. In view of this decomposition the fac- 
torization of the zeta function (2.55) must correspond to the decomposition 
of the variety into “generalized cells”, which are no longer algebraic varieties 
but motives, elements of a certain larger category Mx. This category is con- 
structed in several steps, starting from the category Vx of smooth projective 
varieties over K. 


Step 1. One constructs first an additive category M‘, in which Hom(M, N) 
are Q-linear vector spaces, and one constructs a contravariant functor H* 
from Vx to M‘,, which is bijective on objects (i.e. with objects H*(X) one 
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for each X € Ob(Vx)). This category is endowed with the following additional 
structures: 


a) a tensor product ® satisfying the standard commutativity, associativity — 
and distributivity constraints; 

b) the functor H* takes disjoint unions of varieties into direct sums and 
products into tensor products (by means of a natural transformation com- 
patible with the commutativity and associativity). 


In this definition the group Hom(H*(X), H*(Y)) is defined as a certain 
group of classes of correspondences between X and Y. For a smooth projective 
variety X over K denote by Z*(X) the vector space over Q whose basis is 
the set of all irreducible closed subschemes of codimension 7, and denote by 
Z.(X) its quotient space modulo cohomological equivalence of cycles. Then 
in Grothendieck’s definition, for fields K of characteristic zero one puts 


Hom(H*(Y), H*(X)) = Z9™°(X x Y). 


Step 2. The category Meg,x of false effective motives. This is obtained 
from M‘, by formally adjoining the images of all projections (i.e. of idempo- 
tent morphisms). In this category every projection arises from a direct sum 
decomposition. Categories with a tensor product and with the latter property 
are called caroubien or pseudo—Abelian categories; Meg,x is the pseudo— 
Abelian envelope of M/4,, see Deligne P. (1979). 


Step 3. The category Mx of false motives. Next we adjoin to Meg,x all 
powers of the Tate object Q(1) = Hom(L,Q), where L = Q(-1) = H?(P') 
is the Lefschetz object and Hom denotes the internal Hom in Meg, K. As a 


result we get the category M K of “false motives”. The category M K can 
be obtained by a universal construction which converts the functor M — 


M ® Q(-1) = M(-—1) into an invertible functor. Each object of Mx has the 
form M(n) with some M from Meg,x. 

Note that for X € Ob(Vx) the objects H*(X) are defined as the images of 
appropriate projections and 


2d 
= CP H'(X). 
i=0 
The category Mx is a Q-linear rigid Abelian category with the commuta- 
tivity rule 


ws : HT (X) @ H8(Y) & H°(Y) @ H"(X),u@ve4 (-1)"v @u, 


which implies that the rank rk(H(X)) = 5>(—1)" dim H"(X ) may be negative 
(in fact it coincides with the Euler characteristic of X). 
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Step 4. The category Mx of true motives is obtained from Mx by a mod- 
ification of the above commutativity constraint, in which the sign (—1)"® is 
dropped. This is a Q-linear Tannakian category, formed by direct sums of 
factors of the type M c H™(X)(m), see Deligne P. (1979). 


Tannakian categories are characterized by the property that every such cate- 
gory (endowed with a fiber functor) can be realized as the category of finite 
dimensional representations of some (pro—) algebraic group. 

In particular, the thus obtained category of motives can be regarded as 
the category of finite dimensional representations of a certain (pro~) algebraic 
group (the so-called motivic Galois group). 

Each standard cohomology theory #1 on Vx (a functor from Vx to an 
Abelian category with the Kiinneth formula and with some standard functo- 
riality properties) can be extended to the category Mx. This extension thus 
defines the H-realizations of motives. 

In order to construct L-functions of motives one uses the following realiza- 
tions: 

a) The Betti realization Hz: for a field K embedded in C and X € Ob(Vx) 
the singular cohomology groups (vector spaces over Q) are defined 


H:X + A*(X(C), Q) = Hp(X). 
One has a Hodge decomposition of the complex vector spaces 


Hp(M) @C = @H29(M) (hP4 = dime H2"(M)), 


en 


so that HE"(M) = H#?(M). If K C R then the complex conjugation 
on X(C) defines a canonical involution F,, on Hg(M), which may be 
regarded as the Frobenius element at infinity. 

b) The l-adic realizations Hj: if Char K 4 1, X € Ob(Vx) then the l-adic 
cohomology groups are defined as certain vector spaces over Q; 


H:X + Hi(XK,Q) = H,(X). 


There is a natural action of the Galois group Gx on H)(X) by way of 
which one assigns an l-adic representation to a motive M € Mx 


PML: Gr — Aut Ay(M). 


A non-trivial fact is that these representations are E-rational for some 
E, E CC in the sense of 4.2.1. 


Using the general construction of 4.2.1 one defines the L-functions 


L(M,s) =|] Z.(M,s) (v finite), 


where L,(M,s)~! = Ly,(M,Np7*)~! are certain polynomials in the variable 
t = Np; * with coefficients in EL. 
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For Archimedean places v one chooses a complex embedding 7, : K — 
C defining v. Then the factors L,(M,s) are constructed using the Hodge 
decomposition Hg(M) @C = ®H¥;7(M) and the action of the involution F., 
(see the table in 5.3. of Deligne P. (1979)). 

According to a general conjecture the product 


A(M,s) =|] L.(M,s) (v € Ex). 


admits an analytic (meromorphic) continuation to the entire complex plane 
and satisfies a certain (conjectural) functional equation of the form 


A(M, s) = e(M,s)A(MY,1-~), 


where MY is the motive dual to M (its realizations are duals of those of M), 
and ¢(M,s) is a certain function of s which is a product of an exponential 
function and a constant. 

One has the following equation 


A(M(n), s) 2 A(M,s+n). 


A motive M is called pure of weight w if h?? = 0 for p+ q # w. In this 
case we put Re(M) = —3. The Weil conjecture W4) (see 4.1.3) implies that 
for a sufficiently large finite set S of places of K the corresponding Dirichlet 
series (and the Euler product) 


Ls(M,s) = || L.(M,s) 
vEeS 


converges absolutely for Re (MM) + Re(s) > 1. 

For points s on the boundary of absolute convergence (i.e. for Re(M) + 
Re(s) = 1 there is the following general conjecture (generalizing the theorem 
of Valle—Poussin): 


a) the function Ls(M,s) does not vanish for Re(M) + Re(s) = 1; 

b) the function Ls(M,s) is entire apart from the case when M has even 
weight —2n and contains as a summand the motive Q(n); in the last case 
there is a pole at s=1—n. 


For example, for the motive Q(—1) one has 
Hp(Q(-1)) = H*(P'(C),Q), Ai(Q(-1)) = Vi(u) = Ti(u) @z, Q, 
w =2,n = —1 and the L -function 
L(Q(-1), 8) = G(s — 1) 


has a simple pole at s = 2. 
There are some very general conjectures on the existence of a correspon- 
dence between motives and compatible systems of l-adic representations. 
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Nowadays these conjectures essentially determine key directions in arithmeti- 
cal research (Borel A., Casselman W. eds. (1979), Borel A. (1979), Tate J. 
(1979)). We mention only a remarkable fact that in view of the theorem of 
Faltings (85 of Chapter 3) an Abelian variety is uniquely determined upto 
isogeny by the corresponding l-adic Galois representation on its Tate module. 
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3.1. There is one more method of constructing [-functions, which is con- 
nected with modular forms (or more generally with automorphic forms). These 
forms may be regarded as certain special functions on real reductive groups 
G(R) (or on the symmetric spaces associated with them). These functions, 
which at first sight seem to be analytic rather than number theoretical ob- 
jects, turn out to be closely related to a) Diophantine equations (arithmetic 
schemes, see $1), and b) Galois representations. A link between the three types 
of object is given by identifying the corresponding L-functions. A non-trivial 
example of the link between a) and b) is given by the proof of the theorem 
of Faltings: the L -function L(A, s) attached to H!(A) of an Abelian variety 
A uniquely determines A upto isogeny. It is even sufficient to know a finite 
number of the local factors (see §5, Chapter 3) 


L1.¥(A,s) = det (1 —Npj*Fry|T)(A))~* (lL / Char v). 


Therefore the finiteness problems for Abelian varieties upto isogeny can be 
reread in terms of the corresponding Galois representations. 

A characteristic feature of the modern theory of L-functions is the study 
of automorphic forms together with the (infinite dimensional) representations 
of the groups G(R) and G(A) generated by these forms, where A denotes 
the adele ring of Q and it is assumed that G is defined over Q. These repre- 
sentations (automorphic representations) occur in the corresponding regular 
representations, i.e. in vector spaces of smooth (or square integrable) func- 
tions over these groups (with respect to Haar measure). This approach makes 
it possible to study the L-functions using methods from the representation 
theory of the groups G(Q,), G(R) and G(A) (Borel A. (1979)). 


3.2. Classical modular forms are introduced as certain holomorphic func- 
tions on the upper half plane H = {z € C | Im z > 0}, which can be regarded 
as a homogeneous space for the group G(R) = GLoe(R): 


H = GLo(R)/O(2) - Z, (3.1) 
where Z = {(5 S) |x € R*} is the center of G(R) and O(2) is the orthogonal 


ay 6 


group. The group GLtT (R) of matrices y = (* ) with positive determinant 


acts on H by fractional linear transformations; on cosets (3.1) this action 
transforms into the natural action by group shifts. 
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Let I’ be a subgroup of finite index in the modular group SL2(Z). A holo- 
morphic function f : H — C is called a modular form of (integral) weight k 


with respect to I iff the conditions a) and b) are satisfied: 
a) Automorphy condition 


f ((ayz + by)/(ey2 + dy)) = (Cyz + d)* f(z) (3.2) 


for all elements y € I’; 
b) Regularity at cusps: f is regular at cusps z € QU too (which can be 
regarded as fixed points of parabolic elements of I’); this means that 


for each element a = ¢ € SLo(Z) the function (cz + d)“*f ( 243) 


admits a Fourier expansion over non-negative powers of g!/% = e(z/N) 
for a natural number N. One writes traditionally 


q = e(z) = exp(27iz). 
A modular form 


f(2) = Do aln)e(nz/N) 
n=0 


is called a cusp form if f vanishes at all cusps (i.e. if the above Fourier 
expansion contains only positive powers of gi/N ) see Lang S. (1976), Ogg 
A.P. (1965), Fomenko O.M. (1977), Panchishkin A.A. (1981). 


The complex vector space of all modular (resp. cusp) forms of weight k 
with respect to I’ is denoted by M,(I°) (resp. S;,(I°)). 

A basic fact from the theory of modular forms is that the spaces of modular 
forms are finite dimensional. Also, one has M,(L)Mi(I‘) C Mx4i(I). The 
direct sum 


M(L) = GMa (LP) 
k=0 


turns out to be a graded algebra over C with a finite number of generators. 
An example of a modular form with respect to SLo(Z) of weight k > 4 is 
given by the Eisenstein series 


Ge(z)= ST (mi +mgz)-* (3.3) 


m1 ,mM2 EZ 


(where the prime denotes that summation is restricted to pairs (m1,m2) # 
(0,0)). For these series the automorphy condition (3.2) can be deduced 
straight from the definition. One has G;(z) = 0 for odd k and 


2(Qri)*¥ | By 


G,(z) = (k—1)! | 2k + S| on-1(n)e(nz) (3.4) 
; n=1 


where o,-1(n) = Doan d*k-1 and B, is the k*® Bernoulli number. 
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The graded algebra M(SL2(Z)) is isomorphic to the polynomial ring of the 
(independent) variables G4 and Gg. 

The set H/SL2(Z) can be identified with the set of isomorphism classes 
of elliptic curves over C: to each z € HA one associates the complex torus 
C/(Z + zZ) which is analytically isomorphic to the Riemann surface of the 
elliptic curve written in Weierstrass form as follows 


2 = dx? — go(z)x — 93(z) (3.5) 


Y 
where go = 60G4(z), 93(z) = 140G6(z). 
If we replace z by y(z) for y = is € SL2(Z) then the lattice A, = 
Z+ 2zZ is replaced by 


Ay(z) = Z+7(z)Z = (cz + d)7*(Z + 2Z) = (cz +.d)7*A,, 


and the curve (3.5) is then replaced by the curve whose Weierstrass form has 
the coefficients 


g2(y(z)) = (cz + d)*go(z), ga(y(z)) = (cz + d)°ga(z). 


The discriminant of the cubic polynomial in the right hand side of (3.5) is 
a cusp form of weight 12 with respect to I = SL2(Z): 


oo Le @) 
2-4(g3 — 2793) = 2-4(2m)%e(z) [] (1 —e(mz))"* = 2-4(am)? Y | r(n)e(nz), 
m=1 n=1 
(3.6) 
where 7(n) is the Ramanujan function. The function 
93 1 ~ 
j(z) = 1728-42, = — + 7444S e(n)q” 3.7 


a | 


is meromorphic on H and at oo, and is invariant under [ = SLo(Z). This 
function provides an important example of a modular function; it is called the 
modular invariant. 

For an integer N the following congruence subgroups are defined: 


Io(N) = {7 € SLa(Z) | c, =0 mod N}, (3.8) 
I, (N) = {y € Ip(N) | ay =d,=1 mod N}, (3.9) 
I(N) = {y € SLo(Z) | y=1 mod N}. (3.10) 


More generally, a subgroup I’ Cc SLe(Z) is called a congruence subgroup iff 
I’ > IN) for some N. Consider fundamental domains in H for the actions of 
the above congruence subgroups: (a) H/Io(N), (b) H/I\(N), (c) H/I'(N). 
These domains can be identified respectively with the sets of isomorphism 
classes over C of the following tuples:- 
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(a) (E, (P)), an elliptic curve over C together with a cyclic subgroup of order 
N, (P) c E(C), Card(P) = N; 

(b) (£,P), an elliptic curve over C together with a point P € E(C) of order 
N, Card(P) = N; 

(c) (£, P,Q), an elliptic curve over C together with a basis of the points of 
order N: 


P,Q € E(C)n = (P) @(Q) Y&Z/NZ@Z/NZ. 


In order to describe this identification one associates to a point z € H the 
following tuples: 


(a) (C/A,z,{1/N) mod A,)); 
(b) (C/A,,1/N mod A,); 
(c) (C/A,,1/N mod A,,z/N mod A,). 


For the study of modular forms it is convenient to use the traditional no- 
tation 


(flav)(z) = det-y*/? f(y(z))(eqz + dy)" (3.11) 
for the weight k action of an element y = (o =) € GLJ(R) with positive 


determinant det y > 0. 
Let w be a Dirichlet character mod N. Put 


Mi(N,Y) ={f EMK(ITUN)) | flay = Y(dy)f for all y € aia’ . 
1 
SEN, b) = Mi (N.Y) SKI (N)). (3.13) 


One then has the following decomposition 
Mi(Di(N))= ED Ma(N,4), Se(T(N))= ED Sk(N, 4). 
w mod N w mod N 


For a modular form h € M;(N,w) the Petersson inner product of h with 
f € &(N, w) is defined by the formula 


(mw = [ F@h(2)y*-? de dy, (3.14) 
H/To(N) 


where z = x + iy, H/Io(N) is a fixed fundamental domain for H modulo 
Io(N). Then one has the following orthogonal decomposition: 


M(N,Y) = Sk(N,) © Ex(N, ¥); (3.15) 


where &j(N,w) is the subspace of Eisenstein series, whose basis can be ex- 
plicitly described and consists of Fourier series of type (3.3) (Lang S. (1976), 
Hecke E. (1959), Shimura G. (1971)). 

The arithmetical significance of modular forms is well illustrated by the 
example of the theta series. Let 
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Q(X) = 5(XAX 


be a positive definite, integral quadratic form in an even number 2k of vari- 
ables, with an even matrix A = (ai;), ai; € Z, ay € 2Z, k > 2, where 
X ='(21,2%2,...,X2~) is an integral column vector. Let us associate to Q(X) 
the following theta series | 


0(2z;Q)= SY e(Q(M)z) “2 n)e(nz); (3.16) 
MEZ2k n=0 
where 
*(m1,Ma,... . ,Mak) = a M, 
a(n) =a(n;Q) = Card{M € Z7* | Q(M) = =n} (3.17) 


is the number of representations of n by the integral See form @ with 
matrix A. 

Let N be the level of Q, i-e. the smallest positive integer N such that NA7! 
is an even integral quadratic form. It turns out that 0(z;Q) € Mx(N,€a), 
where €,(d) = (4) is the quadratic character attached to the discriminant 
A of the form Q Ogg A.P. (1965), Kogan L.A. (1971). 

The theory of modular forms makes it possible to obtain good estimates, 
and sometimes even explicit expressions, for the numbers a(n; Q). In order to 
do this the theta function (3.16) is written as a sum of an Eisenstein series 


Ey. (2; =S ni (n; Q)e(n2) € Ex(N, €a) (3.18) 


n=0 


and a cusp form 


S4(25Q) = Sy dens Q)e(nz) € S.(N, ea) (3.19) 


n=1 


The coefficients p;,(n;Q) are elementary arithmetical functions such as 
o.-1(n). For the coefficients of cusp forms one has the famous estimate 


b(n) = O (n*#"+*) , e>0 (3.20) 


which was known as the Petersson—Ramanujan conjecture before being proved 
by Deligne (1974), who first reduced this conjecture to the Weil conjecture 
(4.1.3) (Deligne P. (1969)), and then proved all these conjectures. 

In particular for the Ramanujan function 7(n) Deligne’s estimate takes the 
form 


11/2 


T(p) < 2p (p prime numbers). 


Applying the estimate (3.20) to the series (3.16) gives 


a(n; Q) = pr(n;Q) +O (n°= +) , €>O0 (3.21) 
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The proof of (3.20) is based on a geometric interpretation of a cusp form 
f € S(L) of even weight k as a multiple differential: for ~ € I the expression 


f(z) (dz)*/? 


does not change if we replace z by y(z), and can therefore be defined over the 
modular curve Xr = H/T, i.e. on a projective algebraic curve, whose Riemann 
surface is compact and is obtained by adding to H/I a finite number of 
cusps. In particular, for k = 2 the expression f(z) dz represents a holomorphic 
differential on X;, and the estimate (3.20) in this case was first established 
by M.Eichler (1954). 

Many interesting examples of formulae for the numbers a(n;Q) can be 
found in the book of L.A.Kogan (1971), and in Andrianov A.N. (1965), Lo- 
madze G.A. (1978), Hecke E. (1959) and elsewhere. | 


3.3. Hecke Theory. In the examples of Eisenstein series and theta functions 
one notices an interesting fact: the Fourier coefficients a(n) of these modular 
forms turn out to be either multiplicative arithmetical functions or linear 
combinations of such functions. For the Ramanujan function 7(n) (3.6) these 
multiplicativity properties have the following form 


T(mn) = ee for n) ae | (3.22) 
T(p") = t(p)T(p"") — pt(p"") (pa prime number ,r > 2) 


and it seems that not even these relations can be established using only ele- 
mentary methods. They might be an example for the theorem of Godel (see 
Chapter 1) (Hecke E. (1959), Andrianov A.N. (1974), Lang S. (1976)). 


0O 
n=0 


Let m be a positive integer, f(z) = >> 
the following functions are defined 


f|U(m)(z) = S~ a(mn)e(nz) = m*/?-1 Sf ly t *) : 


a(n)e(nz) a function on H. Then 


eg u mod m : (3.23) 
fIV(mn)(2) = > alne(mnz) = f(z) = mW? f, (TT). 
n=0 


Imagine that the operator 
fr f|U(m) 


acts on the space of modular forms M;(N, w). Then one might expect to find 
a basis consisting of its eigenfunctions. Assuming f to be an eigenfunction 
would then imply the relations 


a(mn) = A(m)a(n) (néEN) 


where A(m) are the corresponding eigenvalues: 
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f|U(m) = A(m)f. 


The desired multiplicativity property would then follow. However, if f € 
M;,(.N, 7) then in general one can only state that 


f|U(m)(z), FIV (m)(z) € Me(mN, p), (3.24) 
and 
f\U(m)(z) € Mi (N,v) 


holds only when m divides N. In order to cope with this difficulty in the 
general case note that the matrices G » ) in the definition (3.23) of U(m) form 
part of a complete system of right coset representatives for Ig(.N)\Am(JN), 
where A,,(N) denotes the set 


An(N) = {7 = (04) | a,b,c,d € Z,c = 0 mod N,det 7 =m} 


which is invariant under right multiplication by elements of Io(N). As a com- 
plete system of right coset representatives for I9(N)\Am(N) one could take 
the set 


tea) | a,d>0,ad=m,b=0,...,—1}. (3.25) 


This fact makes it possible to define instead of U(m) another operator which 
does act on the space of modular forms M,(N,w). This other operator is 
called the Hecke operator T(m):- 


fo flrT(m) = m®P1S" b(ae)f leo, (3.26) 


where o = (3 =) E Ip(N)\An(N), (m, N) = 1. 
The action of T(m) on the Fourier coefficients is easily calculated using the 
systems of representatives (3.25): 


fii) =>: p(my)my~* f|U (m/m1)V (m1) 


mi|m 


=a(0) D7 d(mi)my~ 


my|m 


+> SS (mi) mit a(mn/m})e(nz), 


n=1 m1 | (m,n) 


(3.27) 


where it is implicitly assumed that a(x) = 0 for x ¢ Z. 
Multiplying the systems (3.25) together shows that the multiplication rule 
for the operators T;,(m) is as follows: 


Ti(m)Tk(n) = > W(mi)my—*T,(mn/m?). (3.28) 


m1 | (m,n) 
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In particular all the operators T;,(n) commute. If f € Mz(N, wy) is an eigen- 
function for all T;,(n) with (m, N) = 1, ice. if 


f|T.(m) = An(m)f ((m.n) = 1), (3.29) 


then (3.28) implies that 


As(m)Az(2) = S-—h(my) hg (n/m). 
m1 | (m,n) 
Equating the fourier coefficients a(n) in (3.29) one obtains the following equal- 


ities 
a(0) S> d(my)m*-? = d4(m)a(0), 


mi|m 


| - : (3.30) 
S- (mi)mya(mn/m)) = Az(m)a(n). 
m1 | (m,n) 
In particular for n = 1 one has 
a(m) = A4(m)a(1), (3.31) 


and for a(1) # 0 the function a(m) is therefore proportional to the function 
A(m) for (m, N) = 1. 

All these properties can be especially neatly expressed in terms of Dirichlet 
series: for the function 


f(z) =D a(n)e(nz) € Mi (N, 4), 


n=0 


satisfying (3.29) put formally 


Ly(s,f)= S> As(n)n-*, Ry(s,f)= SY > a(n)n-*. (3.32) 
(Nin)=1 (ya 


Then these (formal) Dirichlet series satisfy the following identities: 
I) The Euler product expansion: 
Ly(s,f)= |] (@—As@)p-? + bp 77}. (3.33) 
p: pfN 
Il) Ry(s, f) = a(1)Lw/(s, f). 


Indeed the multiplication rule (3.28) for distinct primes p;, p; / N implies 
that one has 7 


In(s,f) = Il (Soavtehnr®), 


p:p{n \o=0 
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and each of the series can be summed over 6 using the relation 


As(p)As(p) = As(V°*") + ¥(P)As(P°) (6 = 1). (3.34) 


Equation II) follows directly from (3.31). 
Convergence of the series (3.32) for Re(s) >> 0 follows from the following 
estimates for the coefficients 


a) If fe My(N,y) then 
la(n)| = O(nk-44*), eg > 0 (3.35) 


and the Dirichlet series (3.32) converge absolutely for Re s > k. 
b) If f € Sp(N,w) then 


k—1 


ja(n)| = O(n F*), e€>0 (3.36) 


and the series Ly(s,f) and Ry(s,f) converge absolutely for Re s > 
(k+1) | 
ee 


The estimates (3.35) and especially (3.36) use some fine arithmetical prop- 
erties of the coefficients a(n). However, using only analytic properties of f(z) 
(the fact that it is holomorphic and the automorphic condition (3.2)) one can 
easily obtain rougher estimates:- 


a) 
ja(n)| = O(n*), for f € Mx (N, ); 


b) 
ja(n)| = O(n*/?), for f € S,(N, vp); 


the latter estimate is implied by the estimate |f(z)| = O(y*/*) (y — 0, 
z=x+1y). 


A basis consisting of eigenfunctions for Hecke operators can be found using 
the Petersson inner product (3.14). One verifies that the operators T),(m) 
on S;,(N,w) are normal with respect to this inner product for (m,N) = 1. 
Moreover, the operators are ~-Hermitian: for all f,h € S,(N, w) the following 
equation holds: 


w(m)(f|Tk(m), h)w = (f, hlTk(m)) wv. (3.37) 


By a general theorem of linear algebra on families of commuting normal 
operators, there is an orthogonal basis of S;(N, w) consisting of common eigen- 
functions of all the T;,(m), ((m, N) = 1). A basis with this property is called a 
Hecke basis. In the case that the number m is divisible only by prime divisors 
of the level N, one may use the operator U(m) instead of T;,(m). As was men- 
tioned above (see (3.23)) these operators leave M;,(N, w) invariant. However, 
they are not normal and in general are not diagonalizable in S;(N, w). 


The Mellin transform of a modular form and its analytic continuation. Let 
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OO 


f(z) = >) a(n)e(nz) € My (N, Y). 


n=0 


Then the Dirichlet series 
R(s, f) = Fils, f) = Yalan 


which converges absolutely for Re s > 0 can be analytically continued to the 
entire complex plane using the Mellin transform of the modular form /: 


(2n)~*T(s)R(s, f) = | “[F(éy) — a(0)]y*"! dy (Re(s) 0). (3.38) 


This can be seen by integrating termwise the series 


= oat a(n) exp(—27ny) 
and using the integral representation of the gamma function: 
CO 
Fs) / eYys-! dy (Re(s) > 0). 
0 


The vector space of all Dirichlet series of type R(s, f) for f € Mz(N, w) can 
be characterized by analytic properties of these series. Following Andrianov 
A.N. (1974), we give this characterization in the case N = 1. 


Theorem A. Let f € Mx, = My,(SL2(Z)). Then the Dirichlet series 
R(s, f) admits a meromorphic continuation to the entire complex plane, and 
if one puts 

A(s, f) = (27) *I'(s)R(s, f), 
then the function 
—] k/2 
a(0) | (=1)/2a(0) ici 
S k-s 


A(s, f) + 


is entire. The following functional equation holds 
A(k — s, f) = (—1)*/?A(s, f). (3.39a) 


Theorem B. Every Dirichlet series R(s) = )~?-.,a(n)n~* whose coef- 
ficients a(n) have not more than a polynomial order of growth, and which 
satisfies (3.39) and (3.39a), has the form R(s,f) for some modular form 
f € Mz = Mx (SLe(Z)). 


Indeed, in order to prove theorem A we use the Mellin transform (3.38) 
and write 
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A(s,f) = [ [#(éy) - a(0)jy-* dy (Re(s) > +1). 


Taking into account that f(—1/z) = z* f(z) we see that 
oe) 1 
A(s,f) =f (¢(éy) - a(o)iy'* ay = +f finyye a 


oe 1 
afi [f (ty) — a(0)]y*~* dy — “) + | f(—1/iy)y7°* dy 
1 0 


oe) *k 
= | [fliy) - a(o)y'1 + shyt2) dy — 2 - SO 
1 s k—s 

The function f(iy) — a(0) tends to zero exponentially as y — oo, so the 
last integral converges absolutely for all s and turns out to be a holomorphic 
function of the variable s. This proves (3.39). By the substitution s + k—s the 
last written expression for A(s, f) is multiplied by i*, and both the functional 
equation (3.39a) and theorem A follow. 

In order to prove theorem B it suffices to use the inverse Mellin transform, 
and the fact that the whole modular group SL2(Z) is generated by the matrices 

11 0-1 
(o1) and (, % ). 

Theorems A and B can be extended to modular forms of integral weight 
for congruence subgroups of SL2(Z) (with natural technical complications). 
The theorem generalizing Theorem A in this situation is called the direct 
theorem, and the generalization of Theorem B is called the inverse theorem. 
This inverse theorem was stated by A.Weil (1967), (1971) in terms of the 
twisted Dirichlet series 


A*(s,x) = (2m)-*I'(s) ) x(n)a(n)n-, (3.40) 


n=1 


where x is an arbitrary Dirichlet character. Assume that the series. 
oOo 
R(s) = > a(n)n-* 
n=1 


converges absolutely for s = k—6, 6 > 0, and that for ally mod r, (r,N) =1 
the functions (3.40) are entire, bounded in every vertical strip and satisfy 
certain functional equations relating A*(s, x) to A*(k — s,xV). Then one can 
deduce that the Fourier series 


f(z) = )/ a(n)e(nz) 
n=0 


represents a modular form in S;(N, w). In other words, the automorphy prop- 
erties of this Fourier series can be deduced from functional equations of the 
corresponding Dirichlet series twisted by Dirichlet characters; the precise form 
of the functional equations for these series is given in Weil A. (1967). 
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3.4. Primitive Forms. Atkin and Lehner have made an important addi- 
tion to Hecke’s theory by constructing a satisfactory theory of Hecke op- 
erators for all m including the divisors of the level. We begin with a sim- 
ple example (following Lang S. (1976), Fomenko O.M. (1977), Gelbart S. 
(1975)). Consider the vector space Sj2(Io(2)) containing f(z) = A(z) and 
fo(z) = A(2z). These two functions have the same eigenvalues for all Hecke 
operators Tj2(p) with p # 2. However they are linearly independent. A nat- 
ural question then arises: which additional conditions must be imposed on 
f(z) = So, a(n)e(nz) € S,(N,w) so that it is uniquely determined by its 
eigenvalues A ¢(m) for (m, N) = 1. 

In order to find such conditions one constructs first the subspace of old 
forms Se!4(I,(N)) C Se(Ii(N)) as the sum of images of the operators 


V(d) : Ski (N/d)) > S(T) 
(see (3.23)) for all divisors d of the level N. Set 
SEAN, p) = Sk(N,p) See(T(N)). 


Then the vector space of new forms of level precisely N is defined to be the 
orthogonal complement of the old forms: 


Si (N, Wb) = SR’ (N, Wp) © SP'I(N, y). (3.41) 


The main result of Atkin-Lehner theory is that if a function f € SP°” (N,v) 
is an eigenfunction of all Hecke operators T,(m) with (N,m) = 1, then f is 
uniquely determined (upto a multiplicative constant) by the eigenvalues and 
one can normalize f by the condition a(1) = 1. A primitive form of conductor 
N is then defined as a normalized new eigenform f € S?°”(N,w). For such 
forms f the condition f|U(q) = a(q)f for q|N is automatically satisfied. One 
has the following Euler product expansion: 


[(s,f) = S| a(n)n-* 
= [[@ -—a(@)a-*)"? [][G — app? + (pp *-*)?, 


q|N p{N 


(3.42) 


in which |a(q)| = q“*-)/? if the character 7 can not be defined modulo the 
smaller level N/q, and if 7 is defined modulo N/q then a(q)? = w(q)q*7! 
provided q? / N, and a(q) = 0 otherwise (i.e. for q7|N), see Li W. (1975). 

Let f(z) = S72, a(n)e(nz) € S,(N, wp) be a primitive cusp form of con- 
ductor Cy, Cy|N. If we put 


WC = (6.9) MO=FED = Lawelne) € (0,9), 
n=0 


then there is a complex number A(f) with |A(f)| = 1 such that 
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flkW(Cy) = ACP) FP. (3.43) 


Primitive cusp forms of a given conductor are characterized by the identity 
(3.43), which is equivalent to a certain nice functional equation for the corre- 
sponding Dirichlet series (Li W. (1975)). 


L(s, f) = [] GQ — (pp? + w(p)p* 8) 


= | [[@ — a(p)p-*)( — @'(p)p*)J?, 
where 
a(p)a’(p) = (p)p**, a(p) +. a"(p) = a(p). (3.44) 
If we put 


A(s, f) = (20//Cs)~*T(s)L(s, f), 


then this functional equation has the form 
A(k — 8, f) =i*/X(f)A(s, f?). (3.45) 


For a primitive Dirichlet ,;haracter ~ whose conductor Cy is coprime to C's, 
the twisted modular form 


Me: 


f(z) = )_ x(n)a(n)e(nz) € Si (CrCX, P) 


0 


n 


is a primitive cusp form of conductor CC? (comp. with (3.45) and (3.39a)). 
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4.1. A new chapter in the theory of modular forms, and generally in arith- 
metic, was opened by Serre and Deligne, who discovered a link between mod- 
ular forms and Galois representations. Their results have enhanced our under- 
standing of a universal role played by modular forms in number theory, and 
have explained a whole series of mysterious facts concerning various arith- 
metical functions. Examples of these facts are the conjecture of Ramanujan— 
Petersson 7(p) < 2p1/? for the Ramanujan function 7(p), and the congruence 
of Ramanujan 

t(n) = 5° d"! mod 691. (4.1) 
d|n 


The first result in this direction concerns the normalized cusp forms 


Oo 
f(z) = 5 a(n)e(nz) € S,(SL2(Z)) with k = 12, 16, 18, 20, 22, 26, 
n=1 
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when dim S;(SL2(Z)) = 1. Serre conjectured (Serre J.-P. (1968a), (1968b)), 
and Deligne proved (1969) that for each of the above cusp forms and for every 
prime number | there exists a continuous Galois representation 


pi: G( Ki /Q) — GLe2(Z)) (4.2) 


(where Kk, is the maximal extension of Q ramified only at /) with the property 
that the image of the p-Frobenius element F,, = pi(Frp) for p # | has 
characteristic polynomial t? — a(p)t + p*~!, where a(p) is the p*® coefficient 
of f, and k is its weight. 

One can rephrase the statement on the characteristic polynomial as saying 
that the representation p; is Z-integral in the sense of 4.2.1, and the following 
equation holds: 


(1 — a(l)l-* + 1*-1-*) L(s, f) = L(y, 8). (4.3) 


This result makes it possible to study congruences modulo a prime number 
l for the coefficients a(n). It turns out that such congruences exist only when 
l is exceptional for p;, i.e. when the image Im jp; does not contain SL2(Z,). In 
this case there are certain relations modulo | between the trace Tr F,, = a(p) 
and the determinant det F,,, = p*—! of the matrix F,,,. For example, in the 
case of the Ramanujan function 7(n) we have k = 12, | = 691, and the image 
of p; mod I (modulo conjugation) lies in the subgroup of upper triangular 


* 


matrices iG *) mod /. One has 


11 
Foy = ¥ ) mod 1, 


which implies T(p) = p!1 +1 mod l, and by multiplicativity one obtains the 
congruence (4.1). H.P.Swinnerton—Dyer (1973) gave the following description 
of the possible exceptional primes | for the above cusp forms:- 


a) there exists an integer m such that a(m) = n™ox_1-2m mod | whenever 
n is a quadratic non-residue mod |; in this case 


pe * 
| a — ( 0 scenes mod 1: 


b) a(n) =0 mod I whenever n is a quadratic residue mod J; 
c) p'-*a(p)? =0,1,2,4 mod l. 


For the Ramanujan function 7(n) the exceptional primes are: | = 2, 3, 5, 
7, 23, 691. 

The construction of the representation p; is based on methods from alge- 
braic geometry, in particular on the study of the /-adic cohomology groups of 
the Kuga-Sato variety E which is defined as the fiber product of w = k — 2 
copies of the universal elliptic curve Er — Xp over the modular curve 
Xp = H/T, I’ =SLe(Z) (see 4.3.2, Shokurov V.V. (1980)). 
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The variety EF is defined over Q and its algebraic (and complex) dimension 
is equal to w+ 1 = k —1. Deligne has shown that the representation p,; of 
Gal(Q/Q) occurs in the vector space H a (Exe, Q,); in other words one can 
associate to f a motive My of weight k — 1 which occurs in the cohomology 
of the Kuga-Sato variety. However, the construction of My requires many 
additional cohomological techniques (Jannsen U. (1990), Scholl A. (1990)). 

K.A. Ribet (1977) has extended the results of Deligne to primitive modular 
forms of arbitrary level. 

The Galois representation p; = ps, attached to a cusp form f is irreducible; 
if on the other hand we take for f an Eisenstein series which is an eigenfunction 
of all Hecke operators, f € Mx(N,w) then it is not difficult to construct a 
reducible /-adic representation p; whose L-function is the Mellin transform of 
f, i.e. such that the characteristic polynomial of F,, .» coincides with 


1—z(p)p-* + o(p)p**~** (f|Te(p) = Az (P)f) 


for 1 # p,lp } N. Formula (3.30) shows that if a(0) # 0 then A(p) = 1+ 
~(p)p*~*. Hence one may take for p; the direct sum 1 ® (py ® xi), where 
x. : Gal(Q/Q) — ZF (xi(Frp) = p) is.the cyclotomic character and py : 


Gal(Q/Q) — Q” Cc Q; is the one dimensional representation associated to w 
via the Kronecker-Weber theorem. For the Eisenstein series the L-function of 
this representation coincides with 


¢(s)L(s —k+1,¥) =] ][ -—p-°) — vp *9)7. 


4.2. The idea behind Deligne’s construction dates back to Ejichler’s study 
of the zeta functions of modular curves; these functions can be characterized 
as the Mellin transforms of cusp forms of weight 2 (see Eichler M. (1954)). 

If I’ is a congruence subgroup, then there is a one-to-one correspondence 
between cusp forms f € So(I°) and holomorphic differentials f(z) dz on Xr. 
Hence dim S2(I’) = g = g(Xr), where g(Xr) denotes the genus of Xr. 
Formulae for the genera of the curves Xr can be found in the book of Shimura 
(1971). If 7 = Ipo(N) then the notation Xr = Xo(N) is often used. 

Let us choose a Hecke basis {fi,..., f,} and consider the corresponding 
Kuler products L(s, f;) (see 4.3.32). 

Eichler discovered that the zeta function of the modular curve Xo(N) has 
the form 


¢(s)¢(s — 1)L(Xo(N), 8)" 


where the L-function L(Xo(N),s) coincides upto a finite number of Euler 
factors (corresponding to the divisors of the level N) with the product 


I] L(s, fi). 
i=l 
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Recall that the Z-function D(X, s) coincides with the L-function of the l-adic 
representation of Gal(Q/Q) on the Jacobian Jx = Jo(N) of the curve Xo(N). 

Using the L-functions L(s, f;) one can also obtain a decomposition of the 
Jacobian into a product of simple Abelian varieties (upto isogeny): 


Jo(N) = Ay X+++ x Ap. (4.4) 


One proves that the endomorphism algebra End A; ®Q = K; is a totally real 
extension of Q generated by the Hecke eigenvalues A;(m) ((m,N) = 1) of a 
cusp form f(z) = }0>~., a(n)e(nz) € Se(I(N)). One has 


L(Aj, 8) = WEG f*), 


where o runs through the embeddings o : K; — R, and 


ree > a(n)’ e(nz) € Sg(Io(N)). (4.5) 


In particular, (A; : Q] =dim A). 

A detailed exposition of these results can be found in the book of Shimura 
(1971). 

The especially interesting case g(Xo(N)) = 1 arises only for N =11, 14, 15, 
17, 19, 20, 21, 24, 27, 32, 36, 49, when the vector space S2(Io(V)) is generated 
by a single cusp form with integral Fourier coefficients. If N = 11 then 


f(z) =n(z)’n(11z)?, where n(z) = e(z/24) [] (1-e(mz)) (4.6) 
m=1 


is the Dedekind 7-function. For N = 36 we have that f can be explicitly 
obtained by the so-called Shimura correspondence from 


n(12z)*6(z), (4.7) 
where 0(z) = )>,¢7 e(n7z) is the theta function (Frey G. (1986)). 


4.3. The Taniyama—Weil Conjecture (Taniyama Y. (1957), Weil A. (1967), 
(1970), Frey G. (1986), Gelbart S. (1976), (1977)). An elliptic curve E defined 
over Q is called a modular elliptic curve (a Weil curve) if there exists a non 
constant morphism yy : Xo(N) — E. The Taniyama-Weil conjecture says 
that every elliptic curve over Q is modular. The smallest number N with 
this property is called the analytic conductor of &. In this case EF has good 
reduction modulo all primes p not dividing N, and its L-function coincides 
with the Mellin transform of a cusp form f € So(Io(N)): 


L(E, s) = L(s, f). 


In particular, the function L(£,s) admits an analytic continuation to the 
entire complex plane and satisfies a functional equation of the type 
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A(E, s) = (2n/VN)~*I'(s)L(E, 8) = £A(E, 2 — 8). 


This conjecture seems to be both very natural, and surprising since it estab- 
lishes a correspondence between two quite different kinds of object: elliptic 
curves over Q and primitive cusp forms of weight 2 with integral coefficients. 
The conjecture has been verified for a number of curves, in particular for all 
curves with complex multiplication. In the latter case the [-adic Galois rep- 
resentation on the Tate module turns out to be Abelian, and one proves first 
that its L-function coincides with the L-function of a Hecke character of the 
corresponding imaginary quadratic field (“Grossencharakter” ). The analytic 
continuation and functional equation of these functions is known (see 4.2.4), 
so it follows from Weil’s inverse theorem that L(E,s) = L(s,f) for some 
primitive cusp form f of weight 2, which is equivalent to the Taniyama—Weil 
conjecture. In the above examples the curve X9(36) admits complex multipli- 
cation by Q(\/—3), whereas the curve X9(11) has no complex multiplication. 


The Taniyama—Weil conjecture has a number of interesting arithmetical 
corollaries, in particular concerning Fermat’s last theorem (Frey G. (1986), 
Serre J.-P. (1987)). 

There is an analogue of the Taniyama~Weil conjecture describing all simple 
Abelian varieties with the property that the degree of the endomorphism 
algebra over Q coincides with the dimension of the variety. These varieties are 
thought to correspond to simple factors of the Jacobians of modular curves 
Serre J.-P. (1987), Weil A. (1967), (1970). 


4.4, The Conjecture of Birch and Swinnerton—Dyer (Birch B.J., Swinner- 
ton—Dyer H.P. (1965), Tate J. (1965a), Manin Yu.I. (1971), Coates J., Wiles 
A. (1977)). This deep conjecture gives a relation between the most important 
arithmetical invariants of an elliptic curve E over a number field AK, and the 
analytic behaviour of the L-function L(E,s) = L(E/K,s) at the point s = 1. 
These arithmetical invariants are: rg = rk E(K) (the rank of E over K), 
E(K)*°'s the torsion subgroup, Rg the regulator of FE, ie. the determinant of 
the Néron—Weil pairing hz on 


E(K)/E(K)° CR", 
and the Shafarevich—Tate group LI(F, K) of E over K. By definition 


L(E,s) = || L.(E,s), (4.8) 
where 
L,(E,s)~' = 1—a(py)Nu~* + Nu~*, 
a(py) = Nu+1-—Card E(Ox/py) 
for all places v where & has good reduction, and 


L,(E,s)~' =1—a(py)Nvu-*, a(py) = +1 or 0 
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for places v with bad reduction, according to the type of bad reduction of 
E mod p,. Here it is assumed that E is defined over Ox, and that it coincides 
with its Néron model (see §2 of Chapter 3). 

In view of the “Riemann conjecture over a finite field” (see (WA4) of 4.1.3) 
the following estimate holds: |a(py)|y < 2WNuv, which implies the absolute con- 
vergence of the series L(E,s) for Re(s) > 3/2. However, in order to formulate 
the conjecture we need stronger analytic properties: we assume the hypothesis 
of Hasse—Weil on the existence of an analytic continuation of L(E,s) to the 
entire complex plane. 

The conjecture of Birch and Swinnerton—Dyer (BSD) consists of two parts 
((Birch B.J. (1965), Birch B.J., Swinnerton—Dyer H.P. (1965)): 


a) the order of the zero ng = ords=1L(E, s) coincides with the rank rg 
) assume that the Shafarevich-Tate group of EF over K is finite; then as 
s — 1 the following asymptotic formula holds: 


rp Pe| UI(E, K)| 


L(E,s) ~ (s — 1) TE(K)s)2 


M, (4.9) 
where M = [],< Sp» Mv is an explicitly written product of local Tamagawa 
factors over the set Sr of all Archimedean places and places where & 
has bad reduction, my, = [ E(Ky) |w|,, w being the Néron differential of 
F (Birch B.J. (1965), Birch B.J., Swinnerton—Dyer H.P. (1965), Manin 
Yu.I. (1971)). 


For example, if kK = Q an elliptic curve E can be defined by the equation 
y? +ayry+az3y = x? + aor? + a4x + a6 (a;€Z), (4.10) 


which is minimal in the sense that the absolute value of its discriminant is 
minimal; in this case the Néron differential has the form dz/(2y + a; + a3) 
(Silverman J.H. (1986)). 

The BSD conjecture is closely related to the Taniyama—Weil conjecture, 
because the analytic properties of the functions L(E,s) = )~?-,a(n)n~° 
and L(E,x,s) = >, x(n)a(n)n-* imply the modular properties of the 
corresponding functions f(z) = )--~, x(n)a(n)e(nz) in view of the inverse 
theorem of Weil (4.3.3). In all known cases the following functional equation 
holds: 


A(E,s) = (2n/VN)~*I'(s)L(E, 8) = €(E)A(E,2 — 8), (4.11) 


where the number ¢(£) = +1 is called the sign of EF. 

These are the only Weil curves for which some partial results on the validity 
of the BSD conjecture are known. Let y : Xo(.N) — E define a Weil curve EF 
of conductor N, and let w be the Néron differential of EF. Then the pullback 
y*w coincides upto a sign with the differential 


f(a) = 2mif(z)dz on Xo(N), 
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where f € S(Io(N)) is a primitive cusp form of level N. One has L(E,s) = 
L(f,s) and the following equation holds 


L(E,1) = 2x rE. f (ty) dy. (4.12) 


The integral is absolutely convergent in view of the exponential decay of f(z) 
as y — oo or y — 0; it coincides essentially with the Tamagawa factor mo 
from (4.9). 3 


Theorem (Coates J., Wiles A. (1977)).. Let E/K be an elliptic curve with 
complex multiplication and let K be either Q or the complex multiplication 
field. Then the condition rg > 1 implies that ng > 1, 1.e. that L(E,1) =0. 


The proof of this theorem is based on an explicit calculation of the special 
value (4.12), which is upto a rational multiplicative constant equal to the 
Tamagawa factor Mg. From the existence of a point of infinite order it follows 
that this multiplicative constant is divisible by infinitely many primes, and is 
hence zero. 

A generalization of this result in another direction was found by R. Green- 
berg (1983): let E/Q be an elliptic curve with complex multiplication. If the 
number ng is odd then either the group II(£,Q) is infinite and contains 
a divisible group Q,/Z, for every good reduction prime p # 2,3 (ie. for 
which E& mod p is an elliptic curve with a non-trivial point of order p over 
F,). Developing these ideas K. Rubin recently constructed examples of curves 
E/Q with complex multiplication and with finite Shafarevich-Tate groups 
ILI (E, Q). He also proved the following deep fact: if for such a curve one has 
re = 7rge(Q) > 1 and e(£) = —1, then ng > 3. For example, the curve E : 
y* = 2° — 226z has rank 3 (generators modulo torsion are:(—1, 15), (—8, 96), 
(121/4,1155/8)), and e(£) = —1; hence ng > 3 (comp. with the examples in 
4.3.2). 

Although these results concern L-functions of a complex variable, they use 
a lot of p-adic theory and properties of p-adic L-functions. Neither the domain 
of definition nor the set of values of these L-functions are complex; they are 
p-adic. These L-functions make it possible to control the p-adic behaviour of 
special values of the type L(E,y,1) (where y is a Dirichlet character) which 
are algebraic numbers (upto a multiplicative factor of the form m,.) and may 
thus be regarded as p-adic numbers. Also, the p-adic L-functions describe 
the behaviour of the Selmer groups and the Shafarevich-Tate groups under 
Abelian extensions of the ground field K, which is either Q or the complex 
multiplication field of the given elliptic curve Manin Yu.I. (1971), (1976), 
(1978), Iwasawa K. (1972), Coates J. (1973), Mazur (1983), Mazur B., Wiles 
A. (1983), Panchishkin A.A. (1988). 

An important development of the BSD conjecture for modular curves (in- 
cluding curves with complex multiplication) was obtained by Gross and Za- 
gier (Gross B.H., Zagier D.B. (1986), Gross B.H., Kohnen W., Zagier D.B. 
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(1987), Coates J., Wiles A. (1977)). They proved for elliptic Weil curves E 
that if ne = 1 then rg > 1. They established furthermore the existence 
of elliptic curves E/Q for which ng > 3. These results are based on the 
theory of special points on modular curves (Heegner points). It was already 
known in the nineteenth century how to construct solutions to Pell’s equation 
using either special values of trigonometric functions (Dirichlet), or special 
values of the Dedekind eta-function (Kronecker) (see part I, §2 of Chapter 
1). Heegner in his work (Heegner H. (1952)) successfully used special val- 
ues of elliptic modular functions to find rational points on elliptic curves, 
making it possible to find effectively all imaginary quadratic fields with class 
number one. In the work of B.J.Birch (1975), extending and clarifying the 
ideas of H.Heegner (1952), the existence of rational points of infinite order 
on certain elliptic curves was first established without explicit evaluation of 
the coordinates of these points, and without verification that these points in- 
deed satisfy the equation of the given curve. Let »y : Xo9(£) — E be a Weil 
parametrization of a given curve E/Q. As was noted above (see 4.3.2) the 
set H/Ig9(N) C Xo(N)(C) parametrizes the isomorphism classes over C of 
isogenies FE, — E,/(P) with cyclic kernel (P) where E,(C) & C/(1,z) is a 
varying elliptic curve associated to the point z € H. Let K be an imaginary 
quadratic field of discriminant D < 0 with maximal order ©. Suppose that 
there exists an ideal 1 C O such that O/i & Z/NZ (this condition is satisfied 
for example, when D = square (mod4N) and (D,2N) = 1). Then one can 
associate to the isogeny C/O > C/i~! a point z on H/Ip(N), and it is not 
difficult to verify that this point is rational over the Hilbert class field Hx (the 
maximal unramified Abelian extension) of K. The point y(z) = y € E(Hx) 
is called the Heegner point on EF (Heegner H. (1952)); therefore the point 
YK = Dcecal(Hx/K)¥° © E(K) is defined over K. Birch and Stephens made 
extensive calculations of Heegner points in order to find out under which 
assumptions the point yx has infinite order. They suggested a conjecture, 
expressing for L(£,1) = 0 the special value L/(E,1) in terms of the prod- 
uct of m., and the Néron—-Tate height h(yx) of yx (Birch B.J., Stephens N. 
(1983)). This conjecture was proved by Gross and Zagier (Gross B.H., Zagier 
D.B. (1986), Coates J. (1984)). 


A further significant extension of these results is contained in works of V. A. 
Kolyvagin (1988). He proved that if L(£,1) #0 and yx has finite order then 
the groups E£(Q) and II (F,Q) are finite, proving the first part of the BSD 
conjecture. The methods developed by V. A. Kolyvagin make it possible to find 
effectively in terms of K, E and yx the smallest positive integer annihilating 
the groups £(Q) and LI (£, Q). Thus one also has an approach to proving 
the second part of the BSD conjecture. The theory of Euler systems due to V. 
A. Kolyvagin (1990) also allows one to consider from a unified point of view 
Gauss sums, elliptic units, cyclotomic units and Heegner points, and it gives 
an approach to proving the “main conjecture” of Iwasawa theory (see 3.4.5) 
which describes the Iwasawa modules attached to these objects in terms of 
p-adic L-functions. 
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A remarkable fact is that it is sometimes quite easy to verify that the special 
value L(F,1) vanishes, but it is extremely difficult to find a point of infinite 
order on a curve E. In the example of Cassels-Bremner FE : y? = x° + 8772 
(Cassels J.W.S., Bremner A. (1984), Cassels J.W.S. (1966)) the vanishing of 
the special value L(f,1) follows from the fact that EF is odd; on the other 
hand the generator of the group E(Q)/E(Q)'*® & Z looks very complicated 
(see part I, 1.3.2). 

The results of Gross and Zagier found an unexpected application to Gauss’s 
famous problem of finding all the imaginary quadratic fields Q(./—d) with 
class number h(—d) equal to a given number h. Previously these fields had 
been found explicitly in the cases h = 1 and h = 2 (Heegner H. (1952), 
Abrashkin V.A. (1974), Baker A. (1971), Deuring M. (1968), Stark H.M. 
(1967), (1969)). 

In 1976 Goldfeld showed (Goldfeld D.M. (1976)) that if there is a cusp 
form f € Sx(Io(N)) whose Mellin transform has a zero at 1 of essentially 
high order (3 or 4, depending on k and N) then for any positive integer h > 1 
one can find an effective upper bound for d such that h(—d) = h. The desired 
cusp form has since been found: Mestre showed (Mestre, J.-L. (1985)) that 
the elliptic curve | 

y>+y=2?-Tr+6 (4.13) 


of conductor 5077 and rank 3 (E(Q) & Z° with generators (1,0), (6,0), (0,2)) 
is a Weil curve, i.e. its L-function L(E,s) = )(°°.,a(n)n~* is the Mellin 
transform of some cusp form f(z) = )~>~, a(n)e(nz) € S2(I9(5077)). From 
the results of Gross and Zagier and from the fact that EF is odd (i.e. e(£) = —1) 
one deduces that ng > 3, so f is a cusp form with the required properties. 
The use of f in the theorem of Goldfeld makes it possible to prove that for a 
positive integer T > 1 there exists an effective constant B(T) > 0 such that 
if d possesses T' different prime divisors, then the following estimate holds: 
h(—d) > B(T) log d. If d is a prime then dlogd < 55h(—d). Using this result 
all d with h(—d) = 3 were found (Oesterlé J. (1983)). 

A fruitful use of L-functions of elliptic curves and modular forms was 
demonstrated recently in the work J.Tunnell (Tunnell J.B. (1983), Frey G. 
(1986)) on a classical Diophantine problem concerning congruent numbers. A 
natural number WN is called a congruent number if it is with the area of some 
right angle triangle, all of whose sides have rational lengths. For example, the 
number 6 is congruent as it is the area of the Egyptian triangle with the sides 
3, 4, and 5. It turns out that the smallest congruent number is 5 which is equal 
to the area of the triangle with sides 3/2, 20/3, 41/6. The fact that N = 1 is 
not congruent provides an excellent example of use of Fermat’s infinite descent 
argument and also proves Fermat’s Last Theorem for the exponent 4. Indeed, 
suppose that Z > Y > X > 0 are rational numbers satisfying 


1 
MAYO STZ, 5XY =N. (4.14) 


From these equalities we obtain 
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(X+Y)*=2Z°4+4N, (X-Y)*? =Z?-AnN. (4.15) 


Multiplying the equations (4.15) together shows that the positive integers 
u=Z/2and v = (Y? — X”)/4 satisfy the equation 


uv? = ut — N?. (4.16) 


Put now N = 1 and write the numbers u,v > 0, u,v € Q in the form: u = a/b, 
v = c/d, where a and 6 are coprime and c and d are coprime. As a result one 
obtains from (4.16) 


c*b4 = ath? — b4d? = (a* — b*)/a?. 


Taking into account the fact that GCD(c,d) = 1 and GCD(a* — b4,b*) = 1, 
we see that b4 = d?, ice. 
at —b* = c?. (4.17) 


We now rewrite (4.17) in the form (a? —c)(a? +c) = b4 and note that a prime 
number dividing both numbers a? — c and a? +c divides also 2a” and 2c. This 
implies that GCD(a? — c, a” +c) = 1 by the coprimality of a and b. However, 
the product of these factors is a fourth power, so we have the following two 
possibilities: 


a? —c = 2C* a? —~c = 8D* 
{ a2+c=8pt’? { a* +¢=2C%’ 
where C > 0, C odd, and GCD(C,D) = 1. In both cases one has a? = 
C4 + 4D4, ie. D* = (a — C*)(a + C*). Now considering the factors a — C? 
and a+ C7”, we see that a+ C? = 2A* and a—C? = 2B? This in turn implies 
that the natural numbers A,B,C satisfy the relation At — B* = C?, and 
max{A, B,C} < max{a, b,c}. We have reached a contradiction. 
On the other hand it is not difficult to see that the curve (4.16) is bi- 
rationally isomorphic to a plane cubic curve E™ having Weierstrass form 
y? = 2° — N“z. In order to show this one uses the substitution 


X =(N?-—27)/y, Y=2Na/y, Z=(N*%+27)/y. 


Reducing modulo primes shows that the points of finite order on E‘(Q) are 
precisely those for which y = 0, together with the point at infinity. Thus 
one obtains the remarkable fact that N is congruent if and only if the group 
EN (Q) is infinite. 

J.B.Tunnel proved in 1983 that if an odd natural number N is a congruent 
number then 


Card{(z, y, z) eZ | 22° a y? i 827 = N} = 
2Card{(z,y,z) € Z | 2x? + y? + 3227 = N}, 


Assuming the Birch-Swinnerton—Dyer conjecture for the curves E’ he showed 
that this condition is also sufficient. 
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In connection with the Taniyama—Weil conjecture we point out the result 
of G.V.Belyi (1979): every algebraic curve defined over a number field can 
cover the projective line with ramification points only lying above 0, 1, and 
oo, the cover being defined over a number field. From this result it follows 
in particular that every elliptic curve over Q admits a parametrization by 
modular forms with respect to a subgroup of finite index in SLo(Z) (which 
is not necessarily a congruence subgroup). This result made it possible to 
solve the embedding problem over certain cyclotomic extensions of Q, and to 
construct Galois extensions of such fields whose Galois groups are given finite 
simple groups with two generators. Previously the embedding problem over 
Q was solved by I.R.Shafarevich for all finite solvable groups (1954). 


4.5. The Artin Conjecture and Cusp Forms (Deligne P., Serre J.-P. (1975), 
Henniart G. (1977), Hiramatsu Toyokazu (1988)). The correspondence be- 
tween primitive cusp forms of weight 2 with respect to Io(V) and elliptic 
curves given above by the Taniyama—Weil conjecture, has a remakable ana- 
logue in the case of cusp forms of weight 1. Langlands has conjectured, and 
Deligne and Serre have precisely formulated a link between primitive cusp 
forms f(z) = >0,,-) a(n)e(nz) € S\(N,w) and irreducible two dimensional 
complex Galois representations 


ps : G(Q/Q) — GL2(C). (4.14") 
The condition that f is primitive includes the conditions 
fT) =ap)f, aQ)=1 ((p,N)=1). (4.15') 


Deligne and Serre proved the existence of irreducible representations py un- 
ramified outside the divisors of N such that 1) det pf = py is a one dimensional 
Galois representation which corresponds via the Kronecker-Weber theorem to 
an odd Dirichlet character w : (Z/NZ)* — C*, ¥(-1) = —1, and 2) the im- 
age Tr F’,,» coincides with a(p) for all p, (p,N) = 1. For Eisenstein series 
f € Mi(N,wW) with conditions (4.15’) such Galois representations can be 
easily constructed and turn out to be sums of Dirichlet characters. 

A remarkable consequence of the construction is the proof of the Ramanu- 
jan—Petersson conjecture in the case of weight k = 1: 


la(p)| < 2p'F-Y/2 = 2. (4.16’) 


Indeed the number Tr F,, » = a(p) is the sum of two roots of unity, and 
the estimate (4.16’) therefore holds for Eisenstein series (however, for weight 
k = 1 this is also true for the cusp forms). 

The construction of pr uses the reduction mod I of the l-adic representa- 
tions attached to modular forms of weight k > 2. First one proves that a given 
cusp form of weight 1 has the same Fourier coefficients modulo a prime ideal, 
as a cusp form g of a higher weight k > 2. Then one verifies that the I-adic 
representation p, mod | can be lifted to characteristic zero, and one gets as 
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a result the desired complex representation pz, for which properties 1) and 2) 
are valid since they are satisfied modulo infinitely many prime numbers. 

The conditions 1) and 2) on the representation pz mean that the L-series 
L(s, f) (the Mellin transform of f) coincides with the Artin L-series of the 
representation pf, i.e. 


L(s, f) = Llp, 8), (4.17’) 


and the analytic properties of L(py,s) follow from those of L(s, f) described 
in 4.3.3. For complex representations p : G(Q/Q) — GLn(C) the statement 
that L(p,s) is holomorphic is known as the Artin conjecture. It follows that 
this conjecture is true for representations of the type p = py. Conversely if 
one knows for a two dimensional representation p with odd determinant det p 
that the functions L(p ® x, s) for all Dirichlet characters y are holomorphic, 
then the existence of a cusp form f satisfying (4.17’) can be deduced from 
Weil’s inverse theorem (see 4.3.3). It turns out that the image p(G(Q/Q)) of 
a two dimensional irreducible representation p in PGL2(C) is always one of 
the following groups: 


1) a dihedral group in which case the representation p is monomial (i.e. in- 
duced from a character of a cyclic subgroup); 

2) Ay (tetrahedral case); 

3) S4 (octahedral case); 

4) As (icosahedral case). 


Langlands and Tunnel proved the conjecture on the existence of a cusp form 
f for which p = py in cases 2) and 3). The validity of the Artin conjecture 
in case 4) remains unknown in general. However Buhler (see in Henniart G. 
(1977)) gave an example of a representation of type 4) for which the Artin 
conjecture is valid, as well as the existence of the corresponding cusp form. In 
this example Ker p = G(Q/K) where K is the splitting field of the polynomial 


x + 10x27 — 10x? + 35x — 18, 


and N = 800. | 

The number JN in the construction of Serre and Deligne has an interpre- 
tation as the Artin conductor of the representation pz, which is defined for 
every finite dimensional Galois representation p : Gg — GL(V) with finite 
image as follows. Let p be a primé, p a prime ideal of the ring O C Q of all 
algebraic integers, p € p. Then the image of the decomposition group 


G® = {0 € Go | op =p}, 


is isomorphic to the Galois group of some finite extension F/Q,, p(G)) = 


G(F/Q,). Let ur be the normalized p-valuation of F, i.e. ur(F*) = Z. Define 
the ramification groups 


Gyi = {o € G(F/Q) | vr(z — o(x)) > 7 for all x € Or} 
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and let Vp i = V°>.i, In particular Gp is the inertia subgroup, and the fact 
that p is unramified over p is equivalent to saying that V = Vpo. 

Define the Artin conductor (see Artin E. (1930), (1965), Serre J.P. (1962)) 
by | 


N = N(p) =], (4.18) 
p 


where the exponent n(p, p) is defined by 


16.2) 
1 , 
n(p, p) = >> God) dim V/Vp,o- (4.19) 


This turns out to be an integer (at first sight it only looks like a rational 
number). One has n(p, p) = dim V/V,, , + bp(V), where the number 0,(V) 
is called the wild invariant of the representation p over p. One can show that 
for one dimensional representations the Artin conductor coincides with the 
conductor of the corresponding character of the idele class group, attached to 
it by class field theory (Serre J.-P. (1962)). 


4.6. Modular Representations over Finite Fields (Serre J.-P. (1987)). Based 
on a deep analysis of previous constructions, Serre suggested in 1987 a univer- 
sal description of all two dimensional Galois representations over finite fields 
in terms of cusp forms. Let p be a prime number, p a prime ideal of the ring 
of all algebraic integers O C Q dividing p (i.e. p € p). We call a representation 


p: Gog — GL(2,F,) (4.20) 


a modular representation of type (NV, k,w), if for some modular form 
00 
flz)= Dy a(n)e(nz) € S&,(N, y), 
n=1 


which is an eigenform of the Hecke operators normalized by a(1) = 1, the 
following condition is satisfied 


Tr(F,1) =a(l) mod p | (4.21) 


for all primes | / Np. 

Serre conjectured that every irreducible representation (4.20) is modular 
for some N not dividing p. He also described explicitly the numbers N and k 
and the character w, assuming that N and k are minimal under the condition 
(N,p) = 1. According to this conjecture the number N is determined by the 
ramification of p outside p in the same way as the Artin conductor: 


N = N(p) = [[?. 
lA~p | 
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The weight k is defined by ramification properties of p at p, and the character 
is determined by the following condition on the determinant of p: 


det p= (I)Ik-! mod p (lL) Np). 


Serre gave many concrete examples of representations p for which the corre-— 
sponding cusp form f with N, k and w as predicted by the conjecture, can be 
explicitly constructed. 

We point out some remarkable consequences of this conjecture. First of all 
Q and for simple Abelian varieties with real multiplication (4.4.3). Also this 
conjecture would of imply Fermat’s last theorem. This corollary can be shown 
using the elliptic curve of Frey E : y? = x(x — A)(x +B), where 


A=a?, B=0?, C=c? a,bcEZ, p>d 


are integers satisfying the condition A+B+C=0, ABC 40 (a solution of 
Fermat’s equation). According to the given conjecture, the Galois representa- 
tion _¥ 


p:Gg — Aut E, = GLo(F,) 


on points of order p of the elliptic curve of Frey should correspond to a cusp 
form f € So(Io(2)). However, 


dim S2(Io(2)) = g(Xo(2)) = 9, 


hence such cusp form cannot exist. 

Another approach to proving the non-existence of the elliptic curves of 
Frey consists of applying to the corresponding “arithmetic surface” (a scheme 
over Spec Z of dimension 2) an analogy of a result on non-singular projective 
surfaces of general type over an algebraically closed field of characteristic zero 
(the ee aa of Bogomolov-Miyaoka—Yao, Miyaoka Y. (1977), Parshin A.N. 
(1986)).* 
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5.1. A Relation Between Classical Modular Forms and Representation The- 
ory (Borel A. (1979), Piatetski-Shapiro I.I. (1979)). The domain of definition 
of the classical modular forms (the upper half plane) is a homogeneous space 
H ={ze€C|Im z > 0} of the reductive group G(R) = GL2(R): 


H = GL2(R)/0(2) - Z, 


where Z = {(5 ) |x € R*} is the center of G(R) and O(2) is the orthogonal 
group, see (4.3.1). Therefore each modular form 


*)See Wiles A., 1994, Taylor R. and Wiles, 1994. 
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f(z)= S| a(n)e(nz) EM, (N,v) C Mz (Ln) (5.1) 


n=0 
can be lifted to a function f on the group GL2(R) with the invariance condition 


f(vg) =f(g) for all y€ In C GLa(R). 


In order to do this we put 


71) - J f(9(i))5(9,t)* if det g > 0, 
HO = Helo iy-* ifaety co on 


where g = ee € GLo(R) and j(g,i) = |det g|-1/2(cz + d) is the factor of 
automorphy. 
One has f(xg) = exp(—ik@) f(g) ifx = Ge ~ ag is the rotation through 


sin? cos@ 
the angle @. 
Consider the group GLe2(A) of non-degenerate matrices with coefficients in 


the adele ring A and its subgroup 


10 
U(N) — f = 1x WE € GL2(A) | In © GLo(Zp), Gp = (51) mod Nt} 
Pp 


(5.3) 
From the chinese remainder theorem (the approximation theorem) one obtains 
the following coset decomposition: 


T'w\GLo(R) & GLe(Q)\GL2(A)/U(N), (5.4) 


using which we may consider f as a function on the homogeneous space (5.4), 
or even on the adele group GLo(A). 

The action of GL2(A) on f by group shifts defines a representation m = my 
of the group GL2(A) in the space of smooth complex valued functions on 
GL2(A), for which 


(n(h)f) (9) = Fgh) (9,h € GLa(A)). 


The condition that the representation mz be irreducible has a remarkable 
arithmetical interpretation: it is equivalent to f being an eigenfunction of the 
Hecke operators for almost all p. If this is the case then one has an infinite 
tensor product decomposition 


r= () to, (5.5) 


where the 7, are representations of the local groups GL2(Q,) with v = p or 
OO. 

Jacquet and Langlands chose irreducible representations of groups such as 
GL2(Q,) as a starting point for the construction of L-functions (Jacquet H., 
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Langlands R.P. (1971b), Borel A. (1979)). These representations can be clas- 
sified and explicitly described. Thus for the representations 7, in (5.5) one can 
verify for almost all v = vp that the representation 7, has the form of an in- 
duced representation 7, = Ind(z1 ®p2) from a one dimensional representation 


of the subgroup of diagonal matrices (111 ® L2) & ) = p2(x) i (y), where pu; : 
Q; — C%* are unramified quasicharacters (see 4.2.4). This classification makes 


it possible to define for almost all p an element hy = Gy re € GLa(C). 


From this one can construct the following Euler product (the Z-function of 
the automorphic representation 77) 


L(m, 8) = [| L(t, s) = |] det (12 -— p-*hp) (5.6) 


pgs péS 


in which the product is extended over all but a finite number of primes. 
It turns out that the function L(7, s) coincides essentially with the Mellin 
transform of the modular form f: 


L(s, f) = L(as,8 + (Kk —1)/2). 


The notion of a primitive form f also takes on a new meaning: the correspond- 
ing function f from the representation space of an irreducible representation 7 
must have a maximal stabilizer. The theory of Atkin—Lehner can be reformu- 
lated as saying that the representation 77 occurs with multiplicity one in the 
regular representation of the group GL2(A) (the space of all square integrable 
functions). | 

More generally, an automorphic representation is defined as an irreducible 
representation of an adele reductive group G(A) in the space of functions on 
G(A) with some growth and smoothness conditions. 

Jacquet and Langlands constructed for irreducible admissible automorphic 
representations 7 of the group GLo(A) analytic continuations of the corre- 
sponding L-functions L(7,s), and established functional equations relating 
L(x, s) to L(#,1—s), where 7 is the dual representation. For the functions 
L(ms,s) this functional equation is exactly Hecke’s functional equation (see 
4.3.39). 

Note that the notion of an automorphic representation includes as special 
cases: 1) the classical elliptic modular forms, 2) the real analytic wave modular 
forms of Maass, 3) Hilbert modular forms, 4) real analytic Eisenstein series of 
type >.’ ewe 5) Hecke L-series with Gréssencharakters (or rather their 
inverse Melin transforms), 6) automorphic forms on quaternion algebras etc. 

Interesting classes of Euler products are related to finite dimensional com- 
plex representations 


r: GLe(C) > GLm(C). 
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Put 
[(r,7, 8) = [|] £¢p.7, s), (5.7) 


where 
L(tp,7, 8) = det (1m — p *r(hp))~*. 


These products converge absolutely for Re(s) >> 0, and, conjecturally, ad- 
mit analytic continuations to the entire complex plane and satisfy functional 
equations (Borel A. (1979), Borel A., Casselman W. eds. (1979), Langlands 
R.P. (1971a), Deligne P. (1979), Serre J.-P. (1968a)). 

This conjecture has been proved in some special cases, for example when 
r = Sym’‘St is the i*® symmetric power of the standard representation St : 
GL2(C) — GLe(C) for i = 2,3,4,5 (Shahidi F. (1988)). 

The Ramanujan—Petersson conjecture, proved by Deligne, can be formu- 
lated as saying that the absolute values of the eigenvalues of hy € GL2(C) for 
a cusp form f are all equal to 1. 

As a consequence of the conjectured analytic properties of the functions 
(5.7) one could deduce the following conjecture of Sato and Tate about the 
distribution of the arguments of the Frobenius elements: let a(p) = e'%? 
(0 < Yp» < 7) be an eigenvalue of the matrix h, defined above. Then for cusp 
forms f without complex multiplication (i.e. the Mellin transform of f is not 
the L-function of a Hecke Gréssencharacter (4.2.4) of an imaginary quadratic 
field) the arguments y, are conjecturally uniformly distributed in the segment 
[0,7] with respect to the measure 2 sin? ydy (Serre J.-P. (1968a)). In the 
case of complex multiplication the analytic properties of the L-functions are 
reduced to the corresponding properties of the L-functions of Hecke Grossen- 
characters (see 4.2.4), which imply the uniform distribution of the arguments 
Y» with respect to the usual Lebesgue measure. 

The arithmetical nature of the numbers e*”? is close to that of the signs 
of Gauss sums a(p) = g(x)/,/p where g(x) = ae x(u)e(u/p), x being is a 
primitive Dirichlet character modulo p. Even if x is a quadratic character, the 
precise evaluation of the sign a(p) = +1 is rather delicate (see Borevich Z.L., 
Shafarevich I.R. (1985)). If x is a cubic character, i.e. if x? = 1 then p = 6t+1, 
and the sums lie inside the lst, the 3rd or the 5th sextant of the complex 
plane. Using methods from the theory of automorphic forms S.J.Patterson 
and D.R.Heath—Brown solved the problem of Kummer on the distribution of 
the arguments of cubic Gauss sums by means of a cubic analogue of the theta 
series, which is a certain automorphic form on the threefold covering of the 
group GL2 (Deligne P. (1980a), Heath-Brown D.R., Patterson S.J. (1979), 
Kubota T. (1969)). 


5.2. Automorphic D-Functions (Borel A. (1979)). The approach of Jacquet— 
Langlands made it possible to extend the whole series of notions and results 
concerning L-functions to the general case of automorphic representations 
of reductive groups over a global field K. Let G be a linear group over K, 


§5. Automorphic Forms and The Langlands Programme 271 


Ga, = G(A) its group of points with coefficients in the adele ring of the field K. 
Automorphic representations are often defined as representations belonging 
to the regular smooth representation of the group Ga, and one denotes by 
the symbol 2(G/K) the set of equivalence classes of irreducible admissible 
automorphic representations of Ga. A representation 7 from this class admits 
a decomposition 7 = @yy where v € J'x runs through the places of K and 
the 7, are representations of the groups G, = G(K,). In order to construct 
L-functions, the L-group “G of G is introduced. Consider the tuple of root 
data (Borel A. (1979), Springer T.A. (1981)) 


Wo(G) = (X*(T), A, X,(T), AY) (5.8) 


of the group G; here T is a maximal torus of G (over a separable closure of the 
ground field K); X*(T) is the group of characters of T; X,(T) the group of 
one parameter subgroups of T and A (resp. AY) is a basis of the root system 
(resp. the dual basis of the system of coroots). The connected component 
of the Langlands L-group “G® is defined to be the complex reductive group 
obtained by inversion wo +> WJ, whose root data is isomorphic to the inverse 


bo(G)” = (X(T), AY, X*(T), A). (5.9) 


If G is a simple group, then the group “G(C) can be characterized upto 
a central isogeny by one of the types Ay, Bn, .... Go of the Cartan—Killing 
classification. It is known that the map wo +> 7% interchanges the types 
B, and Cy, and leaves all other types fixed. Thus if G = Sp,, (respectively 
GSp,,), then “G° = SOoan+1(C) (resp. “G° = Spin, ,;(C)). The whole group 
LG is then defined as the semi-direct product of }G° with the Galois group 
Gal(k*/K) of an extension K®* of the ground field K over which G splits 
(i.e. the torus T becomes isomorphic to GL}). This semi-direct product is 
determined by the action of the Galois group [x = Gal(K*/K) on the set of 
maximal tori defined over K°. 

The most important classification result of the Langlands theory states 


that if 
n= (%)m € 2(G/K) 


then for almost all v the local component 7, corresponds to a unique conjugacy 
class of an element h, in the group “G. 
Put 


L(m,r,s) = |] L(m,7,8), (5.10) 
vEgS 


where §S is a finite set of places of K, 
L(my,7, 8) = det (lm — Nu7®r(h,))7?. 


Langlands has shown that if 7 € 2(G/K) then the product in (5.10) con- 
verges absolutely for all s with sufficiently large real part Re(s) (Langlands 
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R.P. (1971la)). The product (5.10) defines an automorphic L-function only 
up to a finite number of Euler factors. Although this is sufficient for cer- 
tain questions related to analytic continuation of these functions, the precise 
form of these missing factors is very important in the study of the functional 
equations. A list of standard conjectures on the analytic properties of the 
[-functions (5.10) can be found in A.Borel’s paper (1979). 

For the group G = GL, and the standard representation r = r, = St: 
LG°® =, GL,(C) the main analytic properties of the L-functions (5.10) are 
proved in Jacquet H., Piatetski-Shapiro I.I., Shalika J.A. (1979), Gelbart S., 
Piatetski-Shapiro I., Rallis S. (1987), Shahidi F. (1988), Jacquet H., Shalika 
J.A. (1981). 

Also in the case G = GL, the multiplicity one theorem (an analogue of 
the theorem of Atkin—Lehner) (Atkin A., Lehner J. (1970), Gelbart S, (1975), 
(1976)) has been extended. This is closely related to the non-vanishing theo- 
rem : for a cuspidal representation 7 one has L(7,rp,1) # 0. 

For GL3 an analogue of Weil’s inverse theorem (see 4.3.3) has been proved: 
if all the L-functions of type L(7@x,7r3, s) (where x is a Hecke character and 7 
is an irreducible admissible representation) can be holomorphically continued 
to the entire complex plane, then the representation 7 can be realized in the 
space of cusp forms (Jacquet H., Piatetski-Shapiro [.I., Shalika J.A. (1979)). 

Interesting classes of L-functions attached to Siegel modular forms were 
introduced and studied in A.N.Andrianov (1974), (1979a), Andrianov A.N., 
Kalinin V.L. (1978). These modular forms and their Z-functions have deep 
arithmetical significance and are closely related to the classical problem on 
the number of representations of a positive definite integral quadratic form 
by a given integral quadratic form (as generating functions, or theta-series). 
These numbers arise in Siegel’s general formula considered above (3.3.67). 
From the point of view of the theory of automorphic representations, Siegel 
modular forms correspond to automorphic forms on the symplectic group 
G = GSp,,. In this case the dual Langlands group coincides with the universal 
covering Sping,,;(C) of the orthogonal group SOen+41(C). To construct L- 
functions one uses the following two kinds of representation of the L-group 
LG = Sping,,,; * Gal(K°/K): pony1 and rn, where pon+1 is the standard 
representation of the orthogonal group, and r, is the spinor representation of 
dimension 2”. It is convenient to consider the following matrix realization of 
the orthogonal group: 


SOen+1(C) ={g € SLan+1(C) | "9Gng = Gn}, 


with a quadratic form defined by the matrix 


On, 1, O 1 O 0 

ak 0 1 om 

Ga = 1, O, O |]? oe oe 0 
Oo sia a 0 O | 
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If 7 = QyTy € A(GSp,,/K) then for almost all v the representation 7, corre- 
sponds to a conjugacy class h, in “G whose image in the standard represen- 
tation is given by a diagonal matrix of the type 


Pon+1(hy) a {arv; "+, Qn, aT y ’ On 1}, 


and in the spinor representation it becomes 
Tn(hv) = {8o,v, Bo,vO1,u5*** 1 F0,v is iggy ** Cig,ur** ths 
where for every m < n all possible products of the type 
Bo,vQix ,vOigy'** Aimy, Lt <ig<-:+<imen 


arise. 
The element h, is uniquely defined upto the action of the Weyl group W,, 
generated by the substitutions 


1 se 
Bo,v +> Bo,vQiv, Oi, > Ayr Aj b> Ay (j #1) 


and by all possible substitutions of the coordinates 
Qi v1 Migjur' Ai, ,v- 


A.N.Andrianov has established meromorphic continuations and functional 
equations for automorphic L-functions of the type L(7;,7n, 8) where 7; is the 
automorphic representation of GSp,,(A) over Q attached to a Siegel modular 
form f with respect to I, = Sp,,(Z), n = 2 . He has also studied the holomor- 
phy properties of these functions for various classes of Siegel modular forms 
f (Andrianov A.N. (1974), (1979a)). 

A.N.Andrianov and V.L.Kalinin (1978) have studied the analytic proper- 
ties of the standard zeta functions D(z, pan+1, 8), where my is the automor- 
phic representation of GSp,,(A) over Q attached to a Siegel modular form f 
with respect to the congruence subgroup If'(N) C Sp,(Z). For n = 1 these 
L-functions coincide with the symmetric squares of Hecke series, previously 
studied by Shimura. 


5.3. The Langlands Functoriality Principle (Borel A. (1979), Borel A., Cas- 
selman W. eds. (1979), Gelbart S. (1977), Panchishkin A.A. (1981), (1984)). 
This important principle establishes ties between automorphic representations 
of different reductive groups H and G. A homomorphism of the L-groups 
u:%H — 4“G attached to G and H is called an L-homomorphism if the 
restriction of u to “H°(C) is a complex analytic homomorphism to “G°(C), 
and u induces the identity map on the Galois group Gx. The functoriality 
principle is formulated in terms of the conjugacy classes of the matrices h, 
corresponding to the local components 7, of an irreducible admissible repre- 
sentation 7 = @yTy of the group H(Ax). It includes the following statements: 
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1) locally: for almost all v there exists an irreducible admissible representa- 
tion u,(7,) of the group G,, = G(K,) which corresponds to the conjugacy 
class of the element u(h,) in LG. 

2) globally: there exists an irreducible admissible representation u,(7) = 
tT’ = @ym, € U(G/K) such that 7, = us(7_) for almost all v. In this sit- 
uation the representation 7’ is also called the lifting of the representation 
TT. 


In particular, according to this principle every automorphic L-function of 
the type L(z,r,s) where r : “G — GLm(C), must coincide with the L-function 
L(r.(7), 'm, 8) of the general linear group GL,, with the standard representa- 
tion Tm of the L-group “G° = GLm(C). These automorphic L-functions are 
called standard L-functions, and as was noted above their analytic properties 
have to a certain extent already been studied. 

Liftings of automorphic forms can be studied using the Selberg trace for- 
mula (Borel A., Casselman W. eds. (1979), Serre J.-P. (1962)). This powerful 
tool establishes a connection between characters of irreducible representations 
and conjugacy classes, generalizing the classical result for finite groups. 

The functoriality principle for automorphic forms is closely related to the 
problem of parametrizing the set of equivalence classes of irreducible admis- 
sible representations over global and local fields by means of representations 
of the Galois group (or more precisely by means of homomorphisms from the 
Weil group of the ground field (see 4.2.6) to the L-group “G, regarded as 
a group over C in the local case, or as a group over all completions FE of 
some number field F in the global case). It is conjectured that to an admis- 
sible homomorphism of that type must correspond a non-empty set, referred 
to as an L-packet, of classes of irreducible admissible representations of the 
group G(K,) or G(Ax) (this is the Langlands conjecture). In this correspon- 
dence the L-function of a representation of the Weil group (4.2.6) is identified 
with the L-function of the associated automorphic (irreducible, admissible) 
representation of the reductive group. 

In the case G = GL, this conjecture is the essential content of class field 
theory (both local and global) establishing a correspondence between char- 
acters of the group Gal(K/K) and automorphic forms on GL, which are 
characters of the idele class group (in the global case) or characters of the 
multiplicative group (in the local case). 

The task of passing from GL, to other reductive groups is a vast non- 
commutative generalization of class field theory. We have considered above 
special cases of this correspondence attached to classical modular forms, the 
group GL2 and two-dimensional Galois representations (both complex and 
l-adic). These examples seem to be a promising start to a theory, which is 
intended to tie together algebraic varieties (motives), Galois representations 
and automorphic forms (automorphic representations). 
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